Analysis
-
max time kernel
183s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
01/04/2025, 21:54
General
-
Target
https://drive.google.com/file/d/1PWaQtNmOv0p-krMGMbB_BqwHPhK8e_rG/view
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Runs .reg file with regedit 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1PWaQtNmOv0p-krMGMbB_BqwHPhK8e_rG/view1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x214,0x260,0x7fff5ca6f208,0x7fff5ca6f214,0x7fff5ca6f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1728,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=1976 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4184,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4308,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3644,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3756,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5676,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6304,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6204,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4444,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=4284,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5032,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4448,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2124,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3156,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=760,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6628,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3560,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7416,i,12663305457693960854,3487190601811222417,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" t -an -ai#7zMap19388:152:7zEvent324921⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\" -spe -an -ai#7zMap9531:152:7zEvent113751⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\regedit.exe"regedit.exe" "C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\FL Studio_24.2_reg_key.reg"1⤵
- Runs .reg file with regedit
-
C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\ID Patcher.exe"C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\ID Patcher.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\FL64.exe"C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\FL64.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\FL64 (scaled).exe"C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\24.2.2.4597_WD\FL64 (scaled).exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\regedit.exe"regedit.exe" "C:\Users\Admin\Downloads\FL Studio 24.2.2 Producer Edition KioNathan 2\FL Studio 24.2.2 Producer Edition KioNathan\FL Studio_24.2_reg_key.reg"1⤵
- Runs .reg file with regedit
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD50db1d88802048ff847bfcf47035335bd
SHA1bb54059e5b145da464f6521ae67353889ce00771
SHA256416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a
SHA51232c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30
-
Filesize
280B
MD58734b4a181214bb62f91cfa36c7e2c98
SHA19cff323f10778a23d73ac3dcffc038d3bf661b78
SHA256e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5
SHA512e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
3KB
MD564f8cc77b1a8fa772d0914f1743d11ef
SHA190737056b393a5e42b82bc0d46a977d333dabf09
SHA2568c8b92c9add02166eaa39fd76127f2a80b0940cab71d7447e0a3db834be57f7f
SHA5121dd210b6dad39cbb5f08dde20bda4a2561bbd5680b258a81e29f2632e25ba0754f08ad195a8e222c72c14839d1d058b0d67043b61c2635db4b538c84f3459b58
-
Filesize
3KB
MD57eeae1d43c1d3ecc6249dc744b7e62ee
SHA1af2fe2df28e38c516a22bfe7d13b89727754d7ea
SHA2562254c6aa4e36c6658516d5bacd908e8121ea7caedf9b4f227e26f5c667d7042a
SHA5127681b2807d0af55d2787f4cdadbf7b55a50e722e31070e5504e4514bb3ae69016ce2ff7e140f9c2a7092e0923d87565d891cc78d8022271f4277e8230fee0754
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5de70e8dd3da02ebf37a58114ccec46bb
SHA1aa3c95f38bc3fa773ae3e79b6a0698116eb1771b
SHA2562e769f7c04c1cad0262ab0239deef09b50fb09e8fd9e743e476310ad5774ea9f
SHA512fd9de825bbcf5a890331e978cd049182880f3e9bebd02aad55d244bac67385b2ebafff5d9d9ea8a5e3893604927b8592c787e4a9b663c075b8b3a5717240ddb8
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD52d04116a9b8d174fea535c82b16fc816
SHA139abf138cf68a11e81d80dc8500b586bd15defea
SHA256ebaf39f54a6607c32acd70fbb4265f9e4fca8592e43b0fdd1ccb5453603ecbf7
SHA512a8e37df234cdbb7fecfb6c1bd669a66e1aca9c00868434593697ba619c743368c7b50f02cb9e1164fd3cb1dbc152f8a24fc946072576a4bb497a18f63257815a
-
Filesize
13KB
MD506355d2446dc38121319904b4589422d
SHA1fcd7f9676a30e995af2d13f68d06ef660d5eb7cb
SHA25696336d58d889dd1966cec5ea3bfa9ead0a8dfc8c2816b1d399ab19e8d0a04ec1
SHA512841ab89bda2bd51018a2c596619041971e4853da40a84f843b023a9701d03299d1ec73e858f4d005d9990b4d832f2bd8f10e984e7ec9894831daa7f01bd2908d
-
Filesize
14KB
MD56a01d84e944f5d4ef9f29ea83adedce5
SHA189e44731bb5b0942d0b71330fed54bfa0d0e6d09
SHA2560c233f4f15cf47ee7034f0a9193ab631fe0a1c96d2c14c8466bdeab83802750b
SHA5127e416293a63f7ddf7104b61c1947fcac853be7742a47c1cbb507eff640a97a679a46974a87e677a876922d06370de76133a729b68f6ec7a7ae2d49e24399a54a
-
Filesize
36KB
MD506b06cdd9a9dbd44baed3ed361bb216f
SHA14f5483a7cf7eb3af55869ab6074dd193a863295f
SHA256e970c0d45c08b6f28bc4f3b37eadaa52e8da4eb85721013febf402b8e4080e97
SHA5122241e6d59455ca596bb3a99a9e66ad3642e9d05d06fe8bd5c55476581bae97b97a57f4f06738890cb4f6f563a7d45e4e82666754898058816bf9606cf3f2a165
-
Filesize
4KB
MD5fedbd29d56700f6cb502962f628ab8c4
SHA1f8e578f33226f62e27bcf9486876b17fc75c7e5a
SHA256795797f34fc698a3a45491d592fcdaba44840a0477dea0768b03cc32c7dfa831
SHA512795012c7f285efde7ff73ed53dbba00404c9874b9f8dc385a2ec13f75d09397ed91dcf874140b1b00ff6d8885afd31110a40d30d10ce39339f58c19bac419569
-
Filesize
23KB
MD583e6fcf3f861fa45559e71bbb0b449c4
SHA1d779f1116a1bea5bddfd675fd672951d5b3b6b6b
SHA256d45a0d574649d869726c7eadb1464a99c074bc9a1f7e5bc07debc657c2298c73
SHA5121598e8a86ccca72a6799f26b5fa868bbda38ebae52d356b9d9958e6fe2e118b41a1bf4a1ec6b8f8cd179db8891c5d450242b9d302af60276d906709e2904e3e0
-
Filesize
876B
MD5972bcd4d26afdf3bb69d4d0329ba6d4c
SHA1dc7b2041524648950d7232343f2ab17705bb89e1
SHA256ef5d0ee36422bdfa3fc0cdd1ba42e80e599537a207c534ae2ee479625071377e
SHA51260725d73771a590254d861713b61ce0a17d75d42570aaa23f2981261d982c7a26b2a24701429a66c2628ffd5928e0599772c275f6adf8207e85b49194341a571
-
Filesize
467B
MD553af2b20c92558456ab298dbad1c59c4
SHA17039d44809f3c9140a550a6dc9a7298d1b4140d0
SHA25615fc28888e342500ba9f62382ddef401571c88ece56e6b4d05525521a9dfde7a
SHA51258a95e5b8e2fe03d25a2d56bcedff40ac1184c21da813800a0ea1e7505ffba322f8a2ff71117a21fba6f4595dcea8e95eb09b70a85478f70985a24e883f2aad5
-
Filesize
6KB
MD5044b510265c06f2ecd3248ef0d9b0de8
SHA13a6200830be2df5013c62370d8e73e3bf2297ce1
SHA256252783044393e2fb7bf2d34ef97acd9415eed8cdf48ee9198defe6782bd93fb2
SHA5125c8d2b099a86371831dab4734f1ab4367a773352be8b74bd96df18da68f1f4332f30a72c93074ba256942a02992354d508e7fd6515b8de81e9b7dbb6b1a6c779
-
Filesize
7KB
MD5a4177bb828935b59cf09c6d2b70632ad
SHA1757361bf2c3053d3670bb9271f37eadfb9c3d112
SHA2566d3ccd2275dbe4aa62c325f98aa5a6b95f6b60c7d9eb003fd35330d0ee74f42f
SHA512dfb8c1a2f1e188bb9443ea0f7a6a9ac019e1c1a4d142d2334675a0a33947cdc333d4b7c2386913446c9f60d70e1f6f838aa05bf7a79ae81adfe8497d6b632a41
-
Filesize
30KB
MD5f1b063e1f20f0459a28c40f0f0c16bad
SHA1278eaf25b07a8561a62d555c7cf83f15ec85c5b9
SHA25654d11e9e60413ac10ba2ca426dc8f4d479859b38e37c0a876de92618c477be21
SHA5128844bc9a92e4e2d2a1914af077e9527ea1fa93c3974edd89d3027cb222faf0b2cf112f6d3d03b1b0fa52ae04d1299ac7455520ff924277ec4beae5b4a387f508
-
Filesize
39KB
MD5e0e284fc94bdbca7d79a2ad9e7ebc97b
SHA1906108c1b473278d5ec48b0d36cd91ab820300e4
SHA256132e008dde6315394d2ea6006e126e0db1a5c3296947742f7088ce59c8fca7b1
SHA5123fa293533affa8afe8461689c86d67b750052ea0cd981e2f7461bc28b2a6d1f8f26f9a02210470db68dd543861d545c3b04dfd6859d752a25bafae59a0bcbea9
-
Filesize
2KB
MD5e011b30bd021f3fe3677fab6a997fb39
SHA18c7ee93fd41b7878b6f7dd8b5a99703a9aca4024
SHA256175eb9f888b521ab66919bf279cafafc50e82da8c1beb810be07cc7033ec339c
SHA512b5c0627012597787fec3b2c4de8ba34e392f6852179bea32850d106784f98f922cfad99205a997b6405be3438e39cced72dfd8f5fb8dfb590f28ded48e469b9b
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
3.2MB
MD53a80d58e5dbb6c4432ea09f8995e5692
SHA1a758ee6a2fdd3492365a9af9b56921a4c349c7b2
SHA2568d06a9a788c5e7bc61e7d035e536f37215a966304dadaa7d582986614f4e7582
SHA512640273fb17642e999920b82049a586eb3a8c96d1361b1d95e1530aa27a6af4d8c4ff72c936a3eb1d3cd0fbb524c21037627e689fbc7b1ffdc84f5815e5ffc780
-
Filesize
3.2MB
MD5216c4bf1c3cc4832ec086b33d16032ab
SHA16da9ec79aeaf864049809403e472350758ff50e2
SHA25694848de6a3aad71bc3aa648810e347bf6eddddf096a523294c9aa3b89b9b0e9b
SHA51208140bca14135eb29ec49b86a9592e070844dc35e95b7e5ca9ddb9893d19056d8ec3ab1c2905f72aa0b9fd1843737bb8d0979ab2547b6d1439bcf4cf9657ffaf
-
Filesize
58KB
MD50697f7c6a3b9c4f4c3b62d7dcd28463b
SHA16fc4e68f7eb29f0d2ef9664b33e1e9956922c534
SHA256d52ae302f0ec1971d86211002c84cbf43d7837c83921df35b9d14bda2f1630a9
SHA5123bd686ff0a1dfa6bc8d93793174b0bcaa056b9d3c661ca4988a8a1ff657db3f66f79067842688843e9ab86a5d25d9c21d23cdf1bea971bb9bb4015596044ebee
-
Filesize
61.6MB
-
Filesize
8KB
-
Filesize
61.6MB
-
Filesize
61.6MB