Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231025-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/11/2023, 12:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1IUIN7b0J2BXMj9NH11kKRrgwDBm8iUgM/view
Resource: win10v2004-20231025-en

General
Target: https://drive.google.com/file/d/1IUIN7b0J2BXMj9NH11kKRrgwDBm8iUgM/view

Malware Config

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | taskmgr.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (21 IoCs)
pid | Process | entries
336 | msedge.exe | 2
4324 | msedge.exe | 2
1472 | identity_helper.exe | 2
528 | msedge.exe | 4
3636 | taskmgr.exe | 11
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
pid | Process | entries
4324 | msedge.exe | 12
Suspicious use of AdjustPrivilegeToken (3 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 3636 | taskmgr.exe
Token: SeSystemProfilePrivilege | 3636 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 3636 | taskmgr.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
4324 | msedge.exe (all 64 entries)
Suspicious use of SendNotifyMessage (64 IoCs)
pid | Process
4324 | msedge.exe (all 64 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries have pid 4324 (msedge.exe) as the writing process; each target appears once per write, so the same pair repeats.
description | pid | Process | procid_target
PID 4324 wrote to memory of 964 | 4324 | msedge.exe | 49 (2 entries)
PID 4324 wrote to memory of 3412 | 4324 | msedge.exe | 85 (repeated entries)
PID 4324 wrote to memory of 336 | 4324 | msedge.exe | 84 (2 entries)
PID 4324 wrote to memory of 4152 | 4324 | msedge.exe | 86 (repeated entries)
Processes
Tree depth is shown by indentation; each entry gives the image path, the PID, the full command line and the signatures that fired on it.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1IUIN7b0J2BXMj9NH11kKRrgwDBm8iUgM/view
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 964)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff91c0f46f8,0x7ff91c0f4708,0x7ff91c0f4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 336)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3412)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4152)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4192)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3432)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4696)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1280)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1472)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2264)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4168)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4576)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2712)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2568)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 568)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 528)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2828)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5214405692092207360,6501725715084159935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 1604)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4984)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\taskmgr.exe (PID 3636)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads