Analysis
-
max time kernel
1157s -
max time network
1171s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
06/11/2023, 16:17
General
-
Target
spine_2d.torrent
-
Size
77KB
-
MD5
406f2965dfdbb3fe4c87d60c3eaea5f7
-
SHA1
cfe74a0fb7687d5719f512dee1736166163a39c6
-
SHA256
bc4cf4fb88e68267cf3e912ff92a8cd737d05be99b9ea2f73001aef7c69256b6
-
SHA512
b0cc608e2a69bcefa6e99b8a4ce261f4822ff4ca3df3881f4ba2bafe094203142bca119e86ae4b82a89df7f0d5fe2b808cbb3c09fcc9007c81c416a04d03d0ee
-
SSDEEP
1536:i526HSJXDdArbBqBoG4zZvb17tLtk8/RKFrqF0+FF9l3rQ1cLW1B1qdGjAFdM0:r6T3rQMoUGkFdX
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 31 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\spine_2d.torrent1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\spine_2d.torrent"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A8684A2763337437A22398B25E14A2F7 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1F36AAA7DA3576A3A8F658CADD59ED07 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1F36AAA7DA3576A3A8F658CADD59ED07 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:14⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0134C932ED4049690321952B05E56F72 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A5EA9C3F2654B77763B64F42D4EBACB7 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=73808A36C726ACCF102709BF91CDFD2C --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa38fc46f8,0x7ffa38fc4708,0x7ffa38fc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4676 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3180932171204677809,6993783084034662206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3556 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50629525c94f6548880f5f3a67846755e
SHA140ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa
-
Filesize
19KB
MD52d461643891977e248fe670eacb76946
SHA16024a1408232bb08275095c8952daab1d0e8a184
SHA2568fcb771e7032f52589becab02ea1384ff54b43aa2dd276c87bc631f1767016a1
SHA5120649037f77ae8ad5c564676d8e0f7be00c96c5aa11ff3b90457fa007b3b1e0c49503a4c74efacffd824e089c92d0e5fa6e3d7f245130e8bda9d4179b2653b419
-
Filesize
19KB
MD58a1dd575d926d81aae2cc3921e14cb96
SHA1db2565b4f1ffb58c77d5ab80c6fd03a6c69316d7
SHA256aa196f55be0f87442b72584764386be974fe94dc64c0136cffda9299660d145b
SHA51240acfe94095a53e88e4568748acc7445ac8a1ebeced632f0f65ee4c52683e69d2bebd2d32610be0e27c6740752195f2e024aa2eccf19f61c6643ef93b2ad404c
-
Filesize
3KB
MD5b9160d8a04bbd57427f64b223c64e925
SHA189900e755c10ddfb730f6573363ccbfd3d4cbad8
SHA256313a98273072872eaa00ea9363816a3f0653d755d73a73eab3e1ad981068b249
SHA51222c1c136271eb565df5834d1c14d9c5e48dba7d1ad1dfa287fb28e3a64ed9d7d61d6471888123a04cc03bcdc8ec3df51fcacc523809b6c352cd382b007dd84e3
-
Filesize
3KB
MD54ac674a0aff7f563c07acec1a53be9a2
SHA1aae1ec841ccb5173a586aeb93eccbcac5f8f77b3
SHA2565a88adec029edebb2a1316f484bd77e17bbf1f8da46bd0285667cb8392e36587
SHA512f32c1d5f6239003c176ebd27819bc16f340c813e3568e241e1791716c47d39eae01a0f4485affb028edae617752e5798f7413270b5a6c6666a45990981147cf6
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD523642ff801d8f3eaf629e6f610c18214
SHA193fe3bb330c4fdebc4b4336148cb44253e234fcb
SHA256add2d6ed3aedf89f53a8a9600e8a40b20e38c536d7cd0eec055ca3f9c3e80137
SHA5128e6f4629ac061497d0f34eaa69a295778042a10801f3d3fd7ab456e04245d325dfc081557e72d1a464563858440295989a4883bf949faadd1e42c6a46a47511d
-
Filesize
4KB
MD526543dc23e44c8a37f0e0fe2a55a9310
SHA15e31353c9b66c5fadc98a44582154286844788d2
SHA25609b2007db70870a621b6e4dcc4dd07e8d1e5cb60681a3b9bb03df5b48034a99e
SHA512b228aa33e3eadc26725dd9678b0f8167d5ed8ab4f3d6402e3c832562f8bb9dd4e2e4bb56f819129e7fdfe5d39fb3034d391d7071cc2361dac7b5521831554ed2
-
Filesize
5KB
MD5cde0989d9f537197039ec6c212e81d45
SHA10c90e7f2e80251a9284b47020dfb91c0ddfb5d06
SHA2562a72a228767e6a8fbeb0255d69e865df6a2d793706ffe24e2d4678f3fc9c7d79
SHA512f3b88e610616a3dfd207c90b4b2e2b411ddffa104ecec8059fb857ced547bf9b7cd37582662812d5c802de71f9d6647bf76f0dc7836c517717a9aa697d432ff1
-
Filesize
5KB
MD548014c5e59f46d36163a86c327cabb84
SHA188e2c8eb37dfd7f2034827d37ef452476dd4df89
SHA256e569a44ae5ccfddd6eb1fa224cd4896fc8e5dbc0fd64c2fe4ff657d16c4773fa
SHA512ed3eaa98cd254319e4ba0bf54853289bebe581f5d119c3470698be80277176dd9467408d3bd2ba2469b5c5be3f8c36ffad3b71db0fda595ae345ff69868b7982
-
Filesize
9KB
MD5595220d7a8b1466b57ab9d97e45f320d
SHA194960719577ca89eea81642ad5476cc882a14695
SHA25690a8429cf738c108d9d63e82f189639754f1cbc32d44577cbcf99bb95fa76035
SHA512449947486db44bc73aafbb58a827d2353edbbed75129e284772ba96e6308beac94695f2a417aeb2afb1e2f91027722fa726749f4269506f099eb3564aa61670a
-
Filesize
6KB
MD573b143da89b9eeb6cea35bb462c6d11f
SHA174a26a7cecb10f9f7194e6d3a99aae3b0c621c06
SHA256010c8606350c87d9d318c3e1351cdac1aeadb40e31914674fe170135b9171047
SHA51269ca7bfb62e0176cf59e932117f3b339e9a987ab9bf1e9f8661673c2e40d408dbd8efc7cd623d965459e0c6405a07fdfda8d74efb7e162909962ff8b06ad1fdc
-
Filesize
9KB
MD52809aba714ee13b6428d6a2aabe0d03e
SHA1a3206205209bbaad28a1cb39a6a1eea676cc1a44
SHA256636cfc5688b898e8c8af3e85ce1e64a42d9e8dbea4e6963e97ea86e71dfe565d
SHA51299f3624d0984d3fa5001c0a1bc7e4ed6c030aa2097ec927ceab56ecd88a8b2258784f2f3e5addb6a7dbb19e582721da60fbf7051d746f3cdcfb66f0aa6364a7e
-
Filesize
5KB
MD5775c2b7d3d533be75a79e7b86e4de7a0
SHA1efdf6061135f9aecfd8210d70bd8f10510c7292b
SHA256fb28cd90c095a81ddc3a066ba1434ee834af56a0c474943290ed9a715bcbe56a
SHA5120acdf4268223c5156223fa0c9da5e7f29a95e693bc3a0e268edd274867ccf357508a92d33226d1daede04fbce6166c63639ce5c30f5260b4996cfc02028461c8
-
Filesize
24KB
MD5fd20981c7184673929dfcab50885629b
SHA114c2437aad662b119689008273844bac535f946c
SHA25628b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75
-
Filesize
2KB
MD511119443230e99df92590a9d84a4d513
SHA163b815fa173baa6efce4564175e61cad3840fa56
SHA2567570d4f525bec1a6802e03892458aee33f28d3c2175fa60ad8a9a6ee8fd8fd52
SHA5122b3b752afccba8e3771095d713f98abe1c60b2a8b3d12b0710f6a0a40b6be6a214af857cfb37b60b94e4be3f2fb9985a1f3953bbb05696eb7bc733d7b7442411
-
Filesize
2KB
MD59ff33ae706057f27594e4e10cd340250
SHA1a94f0860a3f663ac25d739ff136e3caa7ea55170
SHA2569531d31017ca9358abb7791670fcf98cd5e2dad24e68c08a5c3aa5988db837f3
SHA512e29f57478486a5da52c07e710ed10f93eb298a2d4df8a7326ba5cd3cb71ee52395dca690274679e76b3ea43b26cc72a3502f439e261be408cd61b195b9ffedd0
-
Filesize
2KB
MD58586b2ce625d275b58e381e5214368c7
SHA141a85b4502f2b92884d13e23e991a11c46135a09
SHA25660e3fd0d6ba21a54b5ffa29861b1c87350062d2adc89177613e47f0724601b3a
SHA5121179abfd0856f2f1d81433f9c70492b32fdd141bb3b546ca0b026ca6066ab7caa114d2bff072bc7641e0fbdc64ddf66cea5797f60cb45a281370901744eb6f01
-
Filesize
2KB
MD5503614a06c0e47f47169e1a98b0a9b4c
SHA1ed4ede7ceb8d1c7572a3b022cc0573fda3ecb21d
SHA256630d9d933ceb9e4067abea49edc29eaae7b4710339bb41296c5b2c80b2861e20
SHA512b59825dc58e9ea131b64ae719fcbbf5428d372c71216f8e66a071eadc9a405ac69122f9e58033217e3240d4ac6354c5a368e0c5d51fb6020fa7e3731c81fd485
-
Filesize
2KB
MD5527968e7f8a399a34b530a9dec1eba34
SHA17de10e7f965acf72516ddc15958d9f274bdc940e
SHA25652ed5cf42103f14be0f339298a8a847122851476fb1f741c1b5c08746e819d3d
SHA51212a2d6d944b4e7956c83eb6d71f21898c3aea3346149d9604f109ad0079cfcb20ce80fa77643f319c1340f5d5daeae8165951e21a10145d1322513a541d52b89
-
Filesize
538B
MD5ed78042c5eb658a997d5e1cae7b28ed5
SHA19944d58c33e15b9c90d44f0386656f5123fa6cc9
SHA2566be9d54cb8ed5282344540885dad99ec0930f582ad7e87f5fff311db8a0d4bdd
SHA5124883c2a14748180dfa0415b161d820436f83ce588eba11a52b273394450fe2311aca8510cdbe2ac73d7fbf4c51f71b14cba743e18fb14a6a85341c1a9d721f66
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD565c72493dd7f0db7792609d19c3c99b1
SHA1b26fdc9f43935301592d7bc4145583c574f9ee1d
SHA2560bd5ce536d5556e6440ce0b139eccec453d1349c8014505e19645975e38a230f
SHA512e2d2d6ac2f44c4e1fd16f6dcfd596a98685eb4dafe9a3313f9df029b6dc13639d0e4a30296fd2d8e7904195c900219d323ecf8006d5f689292372345a859804d
-
Filesize
12KB
MD5b068013bec5b7599a018154ca531af87
SHA17923f68b40651d3891ff026da4d8c9d82edc7736
SHA25693da695ed290c685a191a9ba3ec16a6ea7179aca0138088322389b2df785b06f
SHA5120199065a957a426a7a650652ca309f2b17f7c724eb1844153f582ca1476c8d9aa8cca7adf0624426558e97659b4c43de40f2d9bcb18e69c029aa654c369ae1f2
-
Filesize
10KB
MD5a7c4c4bce12dd38bd2b5b81bcd88dd9f
SHA10cc60aad975a4ba8dd87a83e65c84a4a95916743
SHA256edcc905d178c3684bef262c228313143f45ef31fe7edfaf9c791d727492163e7
SHA512582290bf0f9d6161427cda45fd33b443c3172e4d8f1592b5d1fa4bdf97c080152a3a73d82cd92fbec28b8b2faa21f9050706a36cbaddfae042b9a9c2fff4fba5
-
Filesize
12KB
MD5d24febc776a3c60366897bfb1159e3d5
SHA1d1e2fa69cc688826a04050c1c48a8544223c9541
SHA25681a4af27a1f8c4b00886bf8fd8e4126d49ec2290ad2472e5108dcca4cb473bff
SHA512b5430bcb9ab3131973b0fba57df5099ee6c0cf0ad784baefa986403bbc29ca9c8681a576ad09996a2424b1b8f358a2990b02a523b9150afd9fc97c059b398a36