lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbHlRby1CRHBSckhQZloyb09RdDFhVDZNbDU2QXxBQ3Jtc0ttQU5manJyVlVGdUNlcUJISTJvSTVDMGdFMi1qMVNTaWxVcTFxMmstbXNsd1lEcjBONFJ0RXE4YTNGVGtjb2NROTF6cjN2ZXd4ZTEtMEx3YlFuaHFnc0x2OEZKVDR2aHRVVk9QWkdkdHAwSTc1aEVqZw&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2F0s4l0ql101w6f%2FROBLOX%2BEXECUTOR&v=rmSfCR4vUtQ

Analysis

max time kernel
124s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2025, 19:12

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHlRby1CRHBSckhQZloyb09RdDFhVDZNbDU2QXxBQ3Jtc0ttQU5manJyVlVGdUNlcUJISTJvSTVDMGdFMi1qMVNTaWxVcTFxMmstbXNsd1lEcjBONFJ0RXE4YTNGVGtjb2NROTF6cjN2ZXd4ZTEtMEx3YlFuaHFnc0x2OEZKVDR2aHRVVk9QWkdkdHAwSTc1aEVqZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F0s4l0ql101w6f%2FROBLOX%2BEXECUTOR&v=rmSfCR4vUtQ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://ingreem-eilish.biz/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 7 IoCs

pid	Process
3496	Loader V2.exe
3224	Loader.exe
4536	Loader.exe
408	Loader.exe
1612	Loader.exe
4464	Loader V2.exe
2536	Loader V2.exe

Loads dropped DLL 3 IoCs

pid	Process
3496	Loader V2.exe
4464	Loader V2.exe
2536	Loader V2.exe

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 3496 set thread context of 2336	3496	Loader V2.exe	138
PID 3224 set thread context of 4536	3224	Loader.exe	145
PID 408 set thread context of 1612	408	Loader.exe	149
PID 4464 set thread context of 1140	4464	Loader V2.exe	153
PID 2536 set thread context of 4276	2536	Loader V2.exe	159

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1204	3496	WerFault.exe	134
2028	4464	WerFault.exe	151
1604	2536	WerFault.exe	157

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader V2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader V2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader V2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
1640	msedge.exe
1640	msedge.exe
3280	identity_helper.exe
3280	identity_helper.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4584	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	4584	7zG.exe
Token: 35	4584	7zG.exe
Token: SeSecurityPrivilege	4584	7zG.exe
Token: SeSecurityPrivilege	4584	7zG.exe
Token: SeManageVolumePrivilege	1528	svchost.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
4584	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3516	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 3028	1640	msedge.exe	83
PID 1640 wrote to memory of 3028	1640	msedge.exe	83
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4484	1640	msedge.exe	84
PID 1640 wrote to memory of 4256	1640	msedge.exe	85
PID 1640 wrote to memory of 4256	1640	msedge.exe	85
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86
PID 1640 wrote to memory of 3276	1640	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHlRby1CRHBSckhQZloyb09RdDFhVDZNbDU2QXxBQ3Jtc0ttQU5manJyVlVGdUNlcUJISTJvSTVDMGdFMi1qMVNTaWxVcTFxMmstbXNsd1lEcjBONFJ0RXE4YTNGVGtjb2NROTF6cjN2ZXd4ZTEtMEx3YlFuaHFnc0x2OEZKVDR2aHRVVk9QWkdkdHAwSTc1aEVqZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F0s4l0ql101w6f%2FROBLOX%2BEXECUTOR&v=rmSfCR4vUtQ
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72d046f8,0x7ffe72d04708,0x7ffe72d04718
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,8993534471734912473,6848672820122122922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Roblox Executor V2\" -ad -an -ai#7zMap10407:98:7zEvent25041
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4584

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1528

C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe
"C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3496
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 1028
  2⤵
  - Program crash
  PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3496 -ip 3496
1⤵
PID:5032

C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe
"C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3224
- C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe
  "C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4536

C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe
"C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:408
- C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe
  "C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1612

C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe
"C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4464
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 996
  2⤵
  - Program crash
  PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4464 -ip 4464
1⤵
PID:5104

C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe
"C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2536
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 996
  2⤵
  - Program crash
  PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2536 -ip 2536
1⤵
PID:4584

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38ab055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:5308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e5a511027936693206538514ce333f38

SHA1
56681b8ac33c30faa2a51d10969f6d1a8dca330c

SHA256
d1f2ef07d85eee0a705262b028925b42394230b0cc16e38bb47571438ac02bf6

SHA512
81887807b9714d56421c42c51977692d3391ee59dbcc1e20dcd9adf74cfcc071c4026586822d9b780197a13e12af02351cf5f2632b59e3db9996b0fca1e511c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd552d081e990f29c9b8735548008116

SHA1
88abf0f888a417859833b2725ad1db7edf1777d1

SHA256
02760a560ce12209bb6ec714146df81eb7c37da4db977b6878863e866c8a7768

SHA512
4bf7e4e2c12dd01a0502db142aa18a8a05a316a49059c444ce648da26f66eae26bbb01e95e98fe9d76fe4224b855740ee4680973e9a02d418400cb2527d32df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d82b0b48650134fc1788bd334af3616d

SHA1
5f63f2c9a740b0b91d624efc5cfc37c0a5f6631c

SHA256
a56c38d8a25fd1b2e6bcef20e2a1cc0f2e4760833ae0f67d59a46b1ca83280a6

SHA512
64c3480ca8d9ae7713f8a97010821b7b8adfb5700a9526a3b70b81ba85cb9636b45fd497af015c0509fd34ea413d41fc2e454ad26d83a37799d70ba3f4a5d252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e9d4ab2de9b04e55c02d1dd857ae68d2

SHA1
5a1d46eeeb70a23d4613709094797b40c9b239fc

SHA256
b148489a5d663d14f08c3d49606e04163242f17e7fb6f81e0c96343c87ee6516

SHA512
1fb1f12cdbe76cf4efd0d8d9953edc9ae6365f35cbb71ac19b789c9eb05561240ac024aa178511a92d9fbbd671fee64de89e4ee121485a19c425f8bbd44b6179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a366c991baf40f6a191a2c3e5cc4ffa

SHA1
fb3bb8f3e22d56a1af5c9171cc9d25ba056e564b

SHA256
5aa2dfc9bf2efdf46f772d73d184ee8e54f6c18fd208d79b3a7338cae4f13976

SHA512
b217d085ece78bef9d97347e60f8c91ee3afc51805dcbf110ec5d37fc0d2d352f65d0721eb5513c9551afd281af6992b6ae2522e4b090c2990c8b604035b0ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
92893a0eaa8000749c185fe86178d716

SHA1
72249eb952ab9ffcab189f29d9ee8175469a66a5

SHA256
37c7937d6824c75f4f64b5ae74aac17db9c021e2b0390e79784a04b181dead52

SHA512
e3a0d629657107cf3d3e8de3ad816392d929d4378453b719db978b6d3780b297156e9f83460cd13253da615123921d4aa4032c8162f1949dbde2b123427ee28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3f653e490929ababeaa83a8b16b2b9c

SHA1
3242442e495d4c778a9bedb8cc8974b5db46690b

SHA256
6547ff7462b8e0e0afc8b049f50f72607858f5571a060927fedf978ecbc41b64

SHA512
5b9336974f4781ace52ab142059f51df1d1caea94dcb3d21e18f4535ec0984bc7378b2eb847cb149cbc10736e7cbec483875751be490585a44ae74160a90c544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fe7d866f551bf37129381fd91b40a970

SHA1
15d6757e107a99f8679a2c834d8952a90a877760

SHA256
005b9bad7785f63af035afe0bc767c01a64b77a994a44346972d2c4916f63091

SHA512
10b8a3cdcb5aa7727a468cf11927b6cccb3164618384615a04556049d65b2fe3f77a7aa1d167cdab02b4ba2894d7d4e81516b9fd363f0f614dc8449d70c19755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f259b63cd69c77169c9982b113269a8

SHA1
4265caef0579ceddfdaa61361006d1dda0acfb6d

SHA256
38faa68c9ae466ebeaf7576c9f02f4feee178a23f7689dd40911f45d264ddd29

SHA512
57f220252dfe8117c3904176d1df3863fa2f04299f83ec75871dc8da7542777b72a3fa1606d35d3c014df889281fbb761d7e3e29e025e0bd870995b6d600d9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587923.TMP

Filesize
1KB

MD5
c2c9f171ee69a599cec2a48e04d83288

SHA1
32e3558aae7aa2833f77ab12b043bc0edd8563d1

SHA256
9acdbe59d381071620024ab9ecfaefa1cdec8f9c26c28dc25b1a760d94f896ec

SHA512
057f8c0b03730ec12ab8909d187bc24e721ee816c895f1f84eba68a2c092205c91ed9ed04a4966f14f67ebca9d23d517a3cd437a7767d2300daebc9d8c6015ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41f0b9affba2483b348219f4cf37bf16

SHA1
d68a488bf294f9c14816537213b5153df71d82ed

SHA256
d4ed699d1e68a4a4c8c4fc9fd37594c98f892f2c2438be26674cb12659ef1d3a

SHA512
466ed610033ab6edb175c442aa453db09cc684fef4712a7532e4f5855f9a87d6f35f9c82a75fe9c2458b7728b9f6ead337a22108cf1349ad27cb644b86a5be77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8f41e1b615ce86c63f2fce17487fd3b

SHA1
f1d36786a687a5d960013db1a0d2ef9d1751e7c2

SHA256
77fa7c9b1fab5217a1a15eedc93e0011237f58cb9d366a41fab5922f833479cf

SHA512
8780112fb2df52de1fd0aedfad2a907bae5d62a5a0d8a3b769b19ab8780e38b0d775f86f10c6daa72cba37d37013f2859e0bdf9ede8bee75c0c0e3c77b9c993e

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
436KB

MD5
87779671b571ee948d5ab35497e5bc01

SHA1
635d64766c6313fca82d22fce71c5257ca60245b

SHA256
ad5e1c8d2153407553f33317ab075c288f40c1cab7db8f4f8ff8ae101648ed63

SHA512
f72142dc4960bcbe6a3e70b4e6054fb615896f4f220d6d80b26f92279e0d52c221fc777a6ee63bbfdb777015ca455c9a5f8ee6f3784405d1a5dc01eec44753b0

Download Submit
C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader V2.exe

Filesize
747KB

MD5
e77436b09b44b658aa99c3e01b2c2158

SHA1
ced5257c4dde2a8e7e9c865c9dfbd85e048a31a2

SHA256
ee1c16c265b70905ac1cabe6d6049065af23e6f04b1d608fbc2cf9d734c23ee8

SHA512
dda453a2604eb6b5b194015915073ab2e17c8099428f378a92029d442969429dabe121111a89015c6a571cca13851d3584321e00354e03e52360074813bd9768

Download Submit
C:\Users\Admin\Desktop\Roblox Executor V2\Roblox Executor\Loader.exe

Filesize
805KB

MD5
c9588ab6edbdc907371493bdb8f0f10f

SHA1
6adac60e54ab29d95dc3e1869483f44b6e787af5

SHA256
67388739e5d6c3a714e6a249ff7e3cdd0f93deea5fdc89bd9f8afca53062432b

SHA512
ddc82b2d4af4e7cc8a45f38050725504f32aeaecf8c015c68d85afd683ab0d1b6d756359cd8cca7d55049d19a8a4fcadec92b212e3abf37d102f31de41873193

Download Submit
C:\Users\Admin\Downloads\Roblox Executor V2.zip

Filesize
17.4MB

MD5
4c4a8b62ceb78ceecafd63c1cfe2ec9b

SHA1
56f85758455d90c6cccdc15947dcf94c78202ef1

SHA256
48baade95fbed15283954cfffa73590e29ad5eba35be47cc45794fbf0a69556e

SHA512
93eebb8710c0ba18a72127ca93bcda988ce6a380e092a730627ed420faddf63a2c4ab689cf29137b55b8a1f13241ff0c5deac4510857e596ad9c4a61b773e7dd

Download Submit
memory/1140-1179-0x00000000751A0000-0x00000000751F8000-memory.dmp

Filesize
352KB

Download
memory/1140-1177-0x00000000751A0000-0x00000000751F8000-memory.dmp

Filesize
352KB

Download
memory/1528-1235-0x0000016919040000-0x0000016919041000-memory.dmp

Filesize
4KB

Download
memory/1528-1123-0x0000016919270000-0x0000016919271000-memory.dmp

Filesize
4KB

Download
memory/1528-1104-0x0000016910F40000-0x0000016910F50000-memory.dmp

Filesize
64KB

Download
memory/1528-1122-0x0000016919270000-0x0000016919271000-memory.dmp

Filesize
4KB

Download
memory/1528-1225-0x0000016919280000-0x0000016919281000-memory.dmp

Filesize
4KB

Download
memory/1528-1228-0x0000016919280000-0x0000016919281000-memory.dmp

Filesize
4KB

Download
memory/1528-1226-0x000001690EDA0000-0x000001690EDA1000-memory.dmp

Filesize
4KB

Download
memory/1528-1088-0x0000016910E40000-0x0000016910E50000-memory.dmp

Filesize
64KB

Download
memory/1528-1232-0x000001690EDA0000-0x000001690EDA1000-memory.dmp

Filesize
4KB

Download
memory/1528-1229-0x000001690EDA0000-0x000001690EDA1000-memory.dmp

Filesize
4KB

Download
memory/1528-1120-0x0000016919240000-0x0000016919241000-memory.dmp

Filesize
4KB

Download
memory/1528-1124-0x0000016919380000-0x0000016919381000-memory.dmp

Filesize
4KB

Download
memory/2336-1140-0x0000000075250000-0x00000000752A8000-memory.dmp

Filesize
352KB

Download
memory/2336-1136-0x0000000075250000-0x00000000752A8000-memory.dmp

Filesize
352KB

Download
memory/2336-1137-0x0000000075250000-0x00000000752A8000-memory.dmp

Filesize
352KB

Download
memory/3496-1129-0x0000000004DC0000-0x0000000004DC6000-memory.dmp

Filesize
24KB

Download
memory/3496-1128-0x00000000002D0000-0x0000000000394000-memory.dmp

Filesize
784KB

Download
memory/4276-1191-0x00000000752F0000-0x0000000075348000-memory.dmp

Filesize
352KB

Download
memory/4276-1188-0x00000000752F0000-0x0000000075348000-memory.dmp

Filesize
352KB

Download
memory/4536-1154-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4536-1152-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads