Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20250410-en -
resource tags
-
submitted
10/04/2025, 18:05
General
-
Target
https://www.mediafire.com/folder/uml3a9raehtf2/des
Malware Config
Extracted
lumma
https://clarmodq.top/qoxo
https://soursopsf.run/gsoiao
https://changeaie.top/geps
https://easyupgw.live/eosz
https://liftally.top/xasj
https://upmodini.digital/gokk
https://salaccgfa.top/gsooz
https://ezestmodp.top/zeda
https://xcelmodo.run/nahd
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Loads dropped DLL 1 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 16 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/uml3a9raehtf2/des1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff955aff208,0x7ff955aff214,0x7ff955aff2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2212,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5272,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5528,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5980,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6056,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5088,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5440,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6796,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6964,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4028,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7332,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7744,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7708,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=8100,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6520,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7792,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=8624,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=8652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8840,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=8836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9016,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=9036 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9024,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=9000 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8272,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=868,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,4045363918019572791,11171114712333249687,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_molisiwex.zip\nolisbee.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_molisiwex.zip\nolisbee.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_molisiwex.zip\nolisbee.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_molisiwex.zip\nolisbee.exe"1⤵
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76B
MD5ba25fcf816a017558d3434583e9746b8
SHA1be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA2560d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA5123763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f
-
Filesize
141B
MD5811f0436837c701dc1cea3d6292b3922
SHA14e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87
SHA256dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d
SHA51221e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35
-
Filesize
176B
MD56607494855f7b5c0348eecd49ef7ce46
SHA12c844dd9ea648efec08776757bc376b5a6f9eb71
SHA25637c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd
SHA5128cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
280B
MD50ab27b557c982a0966e0e873ec0af684
SHA191cad3834539c09bbdaaa04843abc5540e7b9215
SHA2560520ac04b1bd66dcdebc58825ac17be618be85ddd4e16ede2f0fa4bcbe46fc40
SHA5123a492cd3500644fbdee6a1595add1e1bfbe64ce606a461361be8d7d65f91ff74dd4b3c1e5fbf22dc9531c9da66452545d0bdb2b9b464f0802f0964e2cf6bf0e3
-
Filesize
5KB
MD5e3413f082e02d57078b5eb3a3e81f72d
SHA107d3f09ac8aaee5a60bdb85cb71fd167d9d03832
SHA2565287c3c16c6c3a3f1f1a43aad39f67ce90634f3a429774301b316cad634cf589
SHA5126ccdd04c52d9279b7ceb603130ee3714185e9689035db3d0bab498681e2a613041569eaa3833dc5255349617904892ac50f65eca4e07ca845c763b010e4d2d68
-
Filesize
3KB
MD5047a0b3e6d3f02087ac793454a0b43ef
SHA1b598794e4ebf87704fcc40932ae20b503b6b2483
SHA256c52c0d8307d27503896e33b44a13c83c0726b01cb47d32950185c8f80d345dc1
SHA5129d9b207b7cb30786df47ccb92e7a889337183fc8f9843ba64aef65dcda03f7179795db94b8289999bc2d844957789c568e4d63c77eedf6bd191f4f7b6074e079
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
288KB
MD5ca155e8b08a63fee6c372f1ece379d18
SHA10c8a2afe1cab38c49e78acb0472944bfcef8a27e
SHA256bd79d32f3dc7b8fb3d90533056dcc48237fda08a0a8fce9a943898cecc9e367e
SHA512c6d97fb9d6d5466d966913a0e7b9309395140876fd579a36702be122e60f8673ec0a867a34cb34fdacf60fbf56c68ab143c30760df8bd2f9fd5aa51569059eab
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
36KB
MD521bb8b1b9ea7651d29d4add31044e516
SHA1719314e5d141e225886e9cfa2862278e1ed45b98
SHA256528c6e31388a6caa18e4c2a1ca671eb0c33c8b4a44c81d57fc228e4a257e85dd
SHA51223382608414fae804e99a3307c6b9fa752341f748b34aba0f572a77a6aca46ecdc07599980922a6a5e0ec4449011d04d6c0242683a2ee1855090ce8ed10ba3e2
-
Filesize
23KB
MD56e38a3979a41b844dc820f8b4cf89615
SHA1fe39bdd5e8ed91243b7a3427a0b013024b9d0050
SHA256a62dd58f18e0eadd8f969e3f60e14a13554db6b6be20df02ffdbc42255671727
SHA512a60abd8dc1d81ece4b4463c875b24411f3a2c08122fd3dcb9dac83869087ae92ade4e77aff257cab83aa85194bfdb5397cd00d29d398abefaf64a23296f02347
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
22KB
MD58217e471d60daff61b8f0e2a05014333
SHA1e1a9a660679f412515c0ebd167727498899a9885
SHA256d5f09daed6ee18cfd43b67342b6441db17f36820ed3fa3d6c423f5a4c5ec0604
SHA51247ca31bbed8e12d5c70766b6bbfab6df5da7fccd1798ec8191c641fbbceaf25c93d364c3a7ca9f7d85556f1a3e0bce9980c306d75dcb5e539ee94778b24c3257
-
Filesize
18KB
MD55e73ee0524a62791c5342e2ca5999be7
SHA11850fac9afc9af57712d7e0893718dbd7f9ace5c
SHA2560a2393bb82622184bb0f1b52304958be1e2ecac28215e338ecfcd5733f4272c0
SHA512d4d2e9d6dde1a9308ffb1d820e2b408f127a37f6520164d18d4c0d26f0a6984ca3b6bd2b0708f2e111b7421bb91c627f45dc303e8c782278b5bde9939dce9c30
-
Filesize
22KB
MD532bcb25bd240fc0e0c359c4cc7ff0050
SHA1f08c5bca54724c9180ee5d69fc7d72e6c946e3f6
SHA256677c9a210564c21e1509dca451f3c56d6964ab9e56a166f153f6ca6970319baf
SHA51286431ce8f1ba83033ae4ffc137dfec7e139584ca9c7326ebee45c15bda866d867773eeb6792d20a3154634ba1c177fa07f7c56ed7fe23e6d597c198c390f11d6
-
Filesize
36KB
MD5c427bc5ce804d64e4e158058a4d83f38
SHA113538a65da3d78909a91e72a5a0082883ec0c780
SHA2568f2846bff086fed7cbc4f5c1de15e0a1ca586025f89a32b706aff0031e14703c
SHA512656c9c2a5ab79943f96e1201123397d612ea761344fb6a43ce9b924716ab4d7e65f94b54731b50e93062f6f095429d4a023b729f5db60e01d12b8db3723800e5
-
Filesize
72B
MD5b753790f07d124f78fccad35f5aeb680
SHA1b7295d06520d48887ebe10806a37b6fbbf8f986b
SHA256191ef90df14917de324a321c89abaaed9acd11c393484db31150517f11c598a0
SHA512cc6524d01866f150ea7043227ae39ae44358b9c5ab4f5cbf9c2bce1aff5d08216e8061ec59480f9dca66d01137879597f8b12d1eb57219a3d43e7a5a2339fcf8
-
Filesize
48B
MD5c172746ad643369c744fb8af83e2ab3e
SHA1d5e4958648455bca1e0d426af51a748258718b89
SHA256614d4d06537ccf3ad4b2da631f41c89843f1ab67702dfd302e61211a48e14874
SHA512e1a281fc1b255a0dcf3c40fbe8821740dacf549b18c87b0663d399d77d39e1d9dcdb2d3d812d5aafbb3e533b43551d8ddd24fc043e26c72d42b4576feb2c7807
-
Filesize
21KB
MD58c355a7270fa7358a242060b66e57cfe
SHA1e8f5b35c9ef00a3ad1e94e47855f597c2d98784c
SHA256eb3bb2922fe76c74e6af7e40cd44b48d1196730597720aed97da02376cbb1881
SHA51203f2abac6f95789ad834f38ca135d5fb47f2fa69564803a550b6c2d8421bb84f6b916beb89265df632ecbf83adec511b5fb8f9e038e814521c4a3b73505baa5e
-
Filesize
228KB
MD540cffcb65fa50f8b73befff99882317e
SHA1995553fa33c27f8c365e0aaf4320ca59a101c2b0
SHA256444d166ec1d772dce1d799c189e557aced8dc1ce80d5ab832255fc458c8ee489
SHA51226c76e179ba3de54a04d2817250c84774215a0d4ddd44b20d8a28e183d8abc9cc836ec32e7d374730d6fdd54b26943a4328d35b53c29e14e922c29860e6aad8e
-
Filesize
462B
MD54cdeeb1343d86ed632f86a0f7d8d7794
SHA122594b8d42eb1fc8ca3d690c3c01a5237f1a45c0
SHA256656b469abee06aba345b75417a4ff6dba1192c9b95463f774372cb81e1101aa4
SHA51204d0d67e1b402e34fb14ca75fd3041f46a844c93d6178f76f8fd4078c342e0f6499755dfaa07d150d4e65ffa465cb46a4d442a88a451494c6a684ca39d3affe3
-
Filesize
13B
MD53e45022839c8def44fd96e24f29a9f4b
SHA1c798352b5a0860f8edfd5c1589cf6e5842c5c226
SHA25601a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd
SHA5122888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9
-
Filesize
41KB
MD51c4ca109658fdaaf370b6d49b4348df9
SHA1bc596d38440f777a25eacd430b4ba8b642dcf319
SHA256596c0f773403542edd6165575d128e18501d42e907903060943a2ba218de6a12
SHA51243a35e964eab8e1ed0d87810abacd3d7c61fb2fda963d20fd51908e2722dd84cf9156c26dbd44e231e7d086007578d5e4960ed4aaf55c43c56363c22a1e15df2
-
Filesize
46KB
MD57fa12af2fc0001396bac78a8412f6f6f
SHA143e201afe1ccc18c25b190e55ef6bd64fd88c6cf
SHA256ddc522481a1e1917cd6c8891faaf7defe400f7760c23d9ce1cd4cb18bb06661f
SHA512914a582a7a12601a38da779b0e54aa91c86c51f94c648332e03be9744c13498c58fbc4bf720e14d63ee67faea0dc9b4ef4ae482ad6e937fbf56bb9a8df5a7424
-
Filesize
40KB
MD5a651cf74606499aa0c398c1e68ec14b9
SHA114dd990d3ef35ed10eb736356e3d83e3dc079613
SHA25626a410f565a66e0d871ecb7bdd1138d54ed31da8dbafd8754da60fadb79331b6
SHA512bf43d07e0239adb783a8ec7dff85a0eed002b9f1c4b2f3c151e7535376617e530777be4617959f592a4928c2fdb3c35b455fc4f464fb1661ff74530201e638bd
-
Filesize
40KB
MD550d82d96be4e1224d92de52232de76e7
SHA1d66b4c3336b3b890dcd25efa22f38e0135580384
SHA2568dfa14340a793b72e279823f18c73b3b8f6f9bf96d14ba338e1ad144b2a14dd6
SHA5128fab2f41baafa4f4b2680b9b4f861b528928383b778df81ef5d2bec9451dd07b72e87aedef9372050640ae4a0ff39350faa89553450942ac38d49e9983afef9d
-
Filesize
46KB
MD5b234d80f6ae3435c2bbbacb01ef3e992
SHA1d295972006de94ee0a2bf5ed7ebdac8abb1b659b
SHA256c5ead591a042a9d1fa20cf7ebd6beb9728752ee83b87ecf5b879fd2f0bdb067b
SHA512b1dec3f122bb191cde4fec5dc79fa4ba34ccf4f5b038d3a9a424cfd8aad64a99b7d9afb140d08a84dda486287be8e747b440e705c9604f003db82bf68105eafe
-
Filesize
572KB
MD5f5f5b37fd514776f455864502c852773
SHA18d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA2562778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6
-
Filesize
2KB
MD5e53cb6afcb42eb29ca9913715f58edc5
SHA137d70b1f1232964e230b942daa8be16435fdc878
SHA2565805fa93df0cde3290f36ce3a0650b7a23dd8804fd0e2b1ada77d80c4060655e
SHA5122b6964dc909077e20e1d1c89a39b945871d1ff5b2d16b02686a2e2c5fe32621a1c06102d64fe6e63334df428a50cf324ab8f34d4c90ecc70111101174e8103b1
-
Filesize
388KB
-
Filesize
388KB