Analysis
-
max time kernel
123s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-01-2025 04:45
General
-
Target
RobloxExecutor.zip
-
Size
644KB
-
MD5
5cca3b7c8117a508fa8f30221ce550c0
-
SHA1
6f26fc9d5a2b12e0bd379f7071f4b7808f364548
-
SHA256
2db050c4612390792244c41de6ffdb8e8d4e6273dae3001f66698c3f6e7edb69
-
SHA512
9d61fc4180a658d53717ea8e9bd6540b93d95df2589da2a286e183573d2a8a030a5d162f6f5fbbd41c338788805cb8ad59da5174d4622862fa02d5607bcc66ec
-
SSDEEP
12288:qzOFl64h29ZNtIbtg8KoTiFQmfPBAjTJSrpjVI7IARESa:KOa4c9ObtuoTifPWkpVIV2
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://begguinnerz.biz/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 4 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 39 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RobloxExecutor.zip"1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO064959E7\SolaraExecutor.exe"C:\Users\Admin\AppData\Local\Temp\7zO064959E7\SolaraExecutor.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\7zO0648B5D7\SolaraExecutor.exe"C:\Users\Admin\AppData\Local\Temp\7zO0648B5D7\SolaraExecutor.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\7zO064946D7\SolaraExecutor.exe"C:\Users\Admin\AppData\Local\Temp\7zO064946D7\SolaraExecutor.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\7zO06441CD7\SolaraExecutor.exe"C:\Users\Admin\AppData\Local\Temp\7zO06441CD7\SolaraExecutor.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff65ca46f8,0x7fff65ca4708,0x7fff65ca47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8649011892172966949,11418768635159768388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO06484B78\CERTIFICATE2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x38,0x108,0x7fff65ca46f8,0x7fff65ca4708,0x7fff65ca47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6072408915247470488,8064656500159248173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42B
MD584cfdb4b995b1dbf543b26b86c863adc
SHA1d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce
-
Filesize
152B
MD5f426165d1e5f7df1b7a3758c306cd4ae
SHA159ef728fbbb5c4197600f61daec48556fec651c1
SHA256b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA5128d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6
-
Filesize
152B
MD56960857d16aadfa79d36df8ebbf0e423
SHA1e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA5126deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
-
Filesize
152B
MD5a1f722e9f4c2dbf474ae07e72112947c
SHA199a1a9eaab3d3bab5a800dc1e5ef141aaa48e847
SHA256eaf4006a4d21d0787b2c4fc4f41af05e55851ccc91356f19c930a00387a27e0d
SHA512477e63eaca418b9c67bac0c4c22b8ac321530727b84a7d8488487cfc65e12191d170f4053b51a7d4c7c1341386cec603416747bc0319f5439ad81b1723e0d3ff
-
Filesize
152B
MD5ae8b244ad448e26c6f273f215a8aba1a
SHA1d6f5fc9b5b867b7dcfccc82c88ae85400e657cb0
SHA25615748669b0554666a19b8b3eaa7dc83dd6272626884315eb23e3df706fb2c78c
SHA5125c2c65fa1efbe4fb20be98ae4f1edecd7968deb5ec8922ef235c63f1bce34c61c0a29aee659c5ddc8daa1ad5de579d7d6da8b6a7b969039ffdeceb5e4eaea3b3
-
Filesize
44KB
MD583f6fd620a3d1d12dab8ab539eee1a7b
SHA17a428dbe2bf9000d077dba84b783e2445f746747
SHA256f53ff5d3cfaba46f29a9d6e63df81a52d53fc855b9bcf11c7821c3e7c16ebddc
SHA512af5d68134038df75d6c0cb9b89904aef61bd378c95bd17f553c8c8cc4a73de5fba96f164f9d95ac3ce96dbfcd60ba10111b209e1c539152708c8c035efefded5
-
Filesize
264KB
MD5d6a841e5efe7a88d609b6ea5300b6e5f
SHA1e18616da516665436ae10925d5017e4c4e5dc191
SHA2568e3b1981e2b83e8d186856e8e5485be35188a45a7340983af650f988bd411c64
SHA512852189d896ea80b0c2403041e35e80dfd124a4e73ef007945033cb6bf4188ccd8565d48c23f255ffffb7b65acd7de05b46a3d6e5ba541efce3fb78e70f8227fa
-
Filesize
888B
MD52573b68167f5a4a1b9124d734bae4f17
SHA10da04d967519ba2b64858b444dae196588d948bc
SHA256371e3a7a164661e61b37720dbe23e9c2f20b8df9014febedf1aa3ea7a1c9a686
SHA512b043afa7987a2f0abfdf26080f3720613e4391a2b11508afe90ebec82d9897bfa24541588a8e948ee8f9fce38a313e2e253d90458954c007888ce1e01165eede
-
Filesize
322B
MD5eb8289b57a9b3ef2e1c9bfe2d1789e4d
SHA1c84400f1c0e8c8c280d718fb9ab0277ad7b11546
SHA2568cfd780d80d4ffebc59ac6ad05c15bf5cccdcd658ce6f0a9b26408e45c112341
SHA5121c5d57914f883d9d28e00b3173d4f8d986df4463308bebdaecaefec3e162fbb84e05f3fd4b22d785c26fb035411abff6fdf1486a515c2be9287ec7435eeef7e8
-
Filesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
Filesize
331B
MD574702109458fab4679a72e8851efd8bf
SHA1ff962dbb24b1cdc3b07cd2593b5fc714c4de054c
SHA2565b00baf24f63d8c66e3b2d347e9b98d8e933abd8ac1ee1e47764b76803969394
SHA51241ebd64e89b6bbae7d77e329105f885aaa688e82089d09ea99b14013c366df16f3f001f52237ea6fd7cdd88a809e42c66f215619c9ef0a0a7bc8d7fa6a163f77
-
Filesize
1KB
MD5efea54f6b02b024dadf5c627e91ddf74
SHA196baa50b624e578ddbcf167f88ae46198c9494ee
SHA2561921a5520ca05003eefdce2e8bd8422fcbf09d781797d5694f3d0f5bc8a1bcd4
SHA512d701d5a0a28d16beff750898cd4d505451caa96f346af1ba3b77f5cb385d59e98fc7f15094f31ab879d9c7778210ad8e034f616fbdee20f915cd1df322ef0dcc
-
Filesize
6KB
MD58af217ab035bf7c9ec9f23eba9d361fe
SHA1947c1169c23e2279e1737a674cb706774c94aa9a
SHA25609eec9e5494a7ee68a95283f6887b4c0386b5cf914730d037b3bcf506b610b0f
SHA5121646bdc7bdb95847bbc6692224f1508a45f75e0b138ec36e63eef99d87348e009fa8b67e5969a358c4b408adff4f2cfd170f9085e6df63a4a761f2fd0515cd46
-
Filesize
7KB
MD5e5cbdafaecd55bbcfd3815009388fbcc
SHA1fbdd6f92f7a2852d9dddba48091a4b226c3c2e76
SHA2562d88789340bf5095e23c70c7770a8dc0ab25933719c400ce534dbfa5f7792432
SHA5120473c884e2b96fcc91214235cade5520972b696b670084e6e05de121db524396bda547e4fd4bad6ef668c0e09862f2163eea208a7a69e17749725c07fe9033e9
-
Filesize
6KB
MD5d5562c88fd1700589500f0d5ec752ed6
SHA14af8e88f10a6048bf3a7ccc2c3564ce684a353b8
SHA256c71d5d079eb2d7f977de8242ea9b368d254e56d9e2ff7a8c677cd5b610f267fe
SHA512f85b3b7427e08e20ff3c70ef93f5fe98a8d61401703072b9187e4020b1e4635b456624def918232f47c9b8321c7395ff6cb1ca54822a2c69a75c6fb41c1957bf
-
Filesize
5KB
MD525f88c55b314c57c41ef87c484b99afe
SHA1242ba9d11289de29e303bd76f5cd0ff2c4e56088
SHA256bec47bbe9e870fab6fc43a76262343b362ef5aa116575ce7186cdcba058f4313
SHA5127e45a07c9f3f2c04725161bfe156aa84490fb138c19e5546c34570135d6bf0d00ab2d7c11055d6370c79ac9ec2448007ffee38782a55c17b65b2b6a5e90cb65c
-
Filesize
6KB
MD501e1d6dcacdf3a0f985d62394d8f248d
SHA140d8268e377ff3ce59edf48bc3a9ceaacad830e8
SHA25622067523f898b412f610632b2358a7892c4cf46a60bff712a3a30019e3ab95d4
SHA512d54f6711d09e16cb493910a6be74c0e424e6b7aca99cd3cebc9e7ecf30badecdc236d05896ad7758e5f472696cfeb431f90b69f984be72352a2255c19f2e8856
-
Filesize
72B
MD549fedce16046d7a275fd3c7e3235a85f
SHA12b35f3a6f7ff29c77dbd03a35b3a7e2917223113
SHA256413a63bafdf1597201bc2f97b0d9a80777697ee3146a47b2ad0e9848312522da
SHA512723c77d20dbabe8d23be88c71d1b2153ea96e39844c773a40954635e1f86e13201326d40277db7724062469a585c3ce548d9cb093f815af28b0340341cd86b7c
-
Filesize
48B
MD5a2669d5ee3b515474b21c13c126ef38d
SHA1f04feb27faed5c58b54ba282e0d1ac6850c44487
SHA256e1cf11c760a9f57cc5590e603a53eeef30f1e17203484112793a3163e9a775f9
SHA5127963afb75845d6bb6140f5b1c5ccb0fc43ba308a36d8f4dfe20554990a147e76af0223a0f181e6804535ef2fbc25370dcc4421e13c2cae2a689442459eeb256a
-
Filesize
327B
MD5a66efaa590a0d16b1874a35836ba0a4b
SHA1bb750c61e162420271f89a90f2b58f43587680e1
SHA256b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654
SHA5122b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5
-
Filesize
319B
MD55c5f6efe9905fbc0fe7bceeca6a66418
SHA197270931a2c7ad625ee3a4bd85e0fcedb655e5af
SHA2565c8e04170ae9c2a1796e02260c7bb3ae6a0e5dc8c22f42c95fd2096d19ed0c14
SHA512ddf359abc77c4e311473e070d0f122845e0bd4ee3f8de2c33f801ff2fe3dd7839963740869acdfdb50ccc439e472bf668a26747a08fe48b630c3109716913994
-
Filesize
1KB
MD58c85789a905275e31388f3a7f0bc454c
SHA127414057ba9dd4373262c998d73ed8fad3d7a586
SHA2560bbaaebefa2db72da2487988d6225827b30c4f4727b055d1a1632eb0a953c7bd
SHA5127f971af772fe28585378ab83bd0b420ef9f0ca451821b47544683eeb939b150f80fd629332f5be8ba1b0d5b385a0dc19d43447d0143db225fd1185906fd3c11e
-
Filesize
347B
MD5cf1ffca9613d2aff4d891b45e2ae7c73
SHA1d11974e7056c4e5b41d082bcaef1141e4b358efb
SHA2561896864def5aebf2b717d46076ae22aa181c3172b10833e53e4ec2031eb5ebf5
SHA512be11711e20cae2b8cf70fa663d150d17fd72c59f578eec9ea962e9ae59aa4953340029237814cd9b84766402fa4b2dce7de54fc1c3731ae484e1cea0f00a7a5a
-
Filesize
323B
MD5b55691975fea46bab92c9f8985ed43bf
SHA1c342ad1a1e37f727dc8001dfb40c0d332e3b42c1
SHA2562329da1c041bdc8de963d8230aada44fa72534a395d62449670f4edcc51cf946
SHA5126dc064612cd051a1eb9c5f25452f2228ce2525f1d4b733562967ce1977c4927445f2e60c6f947d75ff3b9a7783dee57ed64dfb1f5cea038c176d3b00f0b7613f
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
44KB
MD50ab737c3db8f5344b499f361a3e33a3a
SHA1c844b991176d4c756f571c9d520037b2310f66dd
SHA25698788d9697ab917c35024a6ee582161974e0fb746b4ab27ccadefc49e48aabd9
SHA51242b87aa657c7f1e6a7625c67d01d5e0125932197a30ac8d4115f725576d0e48e62d75d060588727d2b9485ce483c2f762433a66ec0441ec6ca02719b8bc1a188
-
Filesize
187B
MD56c0359559cce0630f4ea2aa08cef58ee
SHA13ede79b7fb5784e63a208691c236b54a21ac4ecb
SHA256e03a870a70f38154b502a24af5381abcf5920d6d56e2eca55cbabcbcc650e0b8
SHA51226fdccab138c0e8c3408462a17130da364224fbb48204f835fd7c2543dbf4cc23669960004c31007dbc92d5681b7f09a7b7efc36d9dfc58d4aa39145ec558157
-
Filesize
319B
MD57ddb32ce22bdb7ead2940016a15faf10
SHA1f1b78094d673947b7c64a66782eefa9887ea9b0e
SHA2566a3710ae140abb67839f17438de5f710fb48f8f00d561a5991d84476f6de64a3
SHA512b901b17aef133aeaa81798db05376281a7f3e6d41e7f31c7066777b01750b95a6f3b853007c823eeddccd0f1b1b7808e1bb68042b33c696d6957a3fbefe1e052
-
Filesize
565B
MD52e88d319f1bb7153061bdf3217c01ce4
SHA12ed6161e98f058b71fd5cf2dfe90300c7873f1d4
SHA2564bb72f9e202032591ba0b3400b666a45e535e286d6617c4d46021f2c7a80a491
SHA512bcf580716a74dbfe7523349980cc233adee95ac8c06aef494925899fb03216fe66fbf58dcbdb4c175f26bc3bea749bdfd612a2c2250efacd2ccccc94829fd994
-
Filesize
337B
MD502abc1acd4d5ff16955f8d759ce9848e
SHA189c7e6e0dcda216c89410e0d03e4177829ea965c
SHA2560754bd90e6a2f7cc99b4caaa19bb69c18996631e1ef6a4a59f467c7c5a7d225b
SHA512dfe3a0f9f6d8e21201ff8ababa2e9b0e39c17dac9173b0e52d9d7b9ee047a57e73a068283a129c3836f34896c5efa1cc75bcad7c840323e997a1ee55976a7d71
-
Filesize
44KB
MD5942da2ca70946c7dec57c98d26715468
SHA1389ea2eb8a2f688027fe87c50bf72e0f883f357a
SHA256560769f7a5514cf433017d446fa6ba4dc479593bf71dba8a1cb459dd285bfbe7
SHA512d27ff8fd2c54a4ba5a8acf8ecff45a239f316d8508577d858a04bb3ab81052c4c51a11e0f3b19111f14d7bf05f40bf267ae7d0b76b6a8798826bb55209e3d0d1
-
Filesize
264KB
MD55df623f6eb33d8f12ae700ed3b97a883
SHA18b332f4a3fb47658dbaa8bdc511c218eeccf6803
SHA2566d35f23a9187c150ff0a49a54e47346bace86ebb8e97adf1d1f0f01b39881952
SHA5121ae7c6fdf9d1a3ad40eb4182f46e930de88ddea82b26665b9f9b67a02a9f5ef0062262b1adade529bccfc8a043107e77d78e8d9e2b09a449c210a6ed9d0e3995
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
10KB
MD56ea126b44a892d8f565f19d9b8fa148d
SHA1ce859562015f6d4a02928091bf444f1bb4fbe670
SHA25665fa310e9c1727c245883f5e4a06915b91da80a5aac79fb9891129d19a20379e
SHA512b77a03e505e6d4a796699a69c14b709aeccb67981f007ef4b7bd28fca151ff8e55c34258fa60ab92cca39bd433afc29a80302bc3529cfe885f46954d1f20e3fe
-
Filesize
10KB
MD50011703a7b74b5df9d51cfd7b5415dbb
SHA125e465a95bde97a5b1ea9f5649b5f4633eaa0509
SHA256c161550e3efdf197f47ad47bda61f681e08940df6a9fee4fa0ad0d9eb9e48eca
SHA51209ab2e63ff4ec64a8d3c36cc4232fa20bdc93e4da13567aa91589169703634c598526f5a1cb6001f1a8cd43449acea01d62465bbefc75f7e4866672ec0fe0cb5
-
Filesize
10KB
MD55b6b97ca7e25079834db94a318639b17
SHA164a8d13ae22c4de88145bb61a80777bc2838eab6
SHA256fbb95b36a49e7f46c8227973369c8e30aad5e7cedab8439925afb8f40529d270
SHA512091945f6fa7329eee64b4afc4e49eec48bb7eb952c75ab26a136eda81655ff049cc72bbe6e9cb517e766c0c558fc29f0f94e33539dc3b53d44bf6136d98a84d9
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
11KB
MD5136773dc54a8b59bad0bb1b698657ed5
SHA1913227d5cf66fd489c526f770fdd5533e83e1180
SHA25625e47193fdb7c26cc82948b8e8b15ed6d851993af6b1c015fa4a9e291fe74c18
SHA512c1b3d041226b54edcac4bb144276fa954cc352f4922c334310cf317a928aad941d5e1451f0279f2063f6597caf04b03d5bb2bfeb914b2a6d4ccbb5c464496e98
-
Filesize
515KB
MD560ceb7525262fc24d79d37673e4ad94a
SHA1cd5b82bf17bfc323e5735edea497aac56d1ff831
SHA256e7edbcac7edd3c3df661ed4b1daa17539870d988c9e0020edc8d7c1b702bc789
SHA5127509f302acc1e880d2e4c8d854cf510080d2a6f4435943996ffc55a65704f3eb8815e44b3944110b8d51011d139a7e3a272d271abe904550843884a9dcb06a5f
-
Filesize
456KB
MD5a09f3fa3b7b779fba9738de2610db255
SHA10857f2365d861030eb2f838cb01d215f0d8733ca
SHA256e9136af28da0d77388d9d470734ef45ac99854bb3d008ab5f3856a83b8abdaba
SHA512bb4a61e223337b68fbf35035c09ae89a11d8712c7e403adc2620a4416caf8e04326445412c5a091840093ba5205c71b2b7c8ab94e68f43cd7ddc5e63b03874b0
-
Filesize
396KB
-
Filesize
396KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
536KB
-
Filesize
4KB
-
Filesize
464KB
-
Filesize
800KB
-
Filesize
396KB
-
Filesize
396KB
-
Filesize
396KB