9Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
01-01-2024 15:27
Behavioral task
behavioral1
Sample
samples5.zip
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
samples5.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020.exe
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
Resource
win10v2004-20231215-en
General
-
Target
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe
-
Size
30KB
-
MD5
c2f261985677515ab220983bccfc1bee
-
SHA1
21e324d2c8bd664a080c8fecbcd118ee040bb628
-
SHA256
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc
-
SHA512
62066d26fdf71cd69903855ee569ae75ae520976ade784eaeb100d98c74a6b965abe371b9f14fc41a09e1a28b803dca13533b989d643ef21939ba6366cb029b8
-
SSDEEP
768:jpiSqw4KqMqwZU/Tf+5g51qWMg6FU2btWLVkn:jeZqoTfwg5HMxpRWLVkn
Malware Config
Signatures
-
Renames multiple (561) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe -
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0_HELP_DECRYPT_FILES.txt 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0_HELP_DECRYPT_FILES2.html 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 4348 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 30 IoCs
pid Process 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 3700 msedge.exe 3700 msedge.exe 3608 msedge.exe 3608 msedge.exe 5568 identity_helper.exe 5568 identity_helper.exe 5596 msedge.exe 5596 msedge.exe 5596 msedge.exe 5596 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe 3608 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4024 wrote to memory of 1676 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 43 PID 4024 wrote to memory of 1676 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 43 PID 4024 wrote to memory of 4348 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 101 PID 4024 wrote to memory of 4348 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 101 PID 4024 wrote to memory of 3608 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 103 PID 4024 wrote to memory of 3608 4024 6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe 103 PID 3608 wrote to memory of 4244 3608 msedge.exe 102 PID 3608 wrote to memory of 4244 3608 msedge.exe 102 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory 
of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 2600 3608 msedge.exe 112 PID 3608 wrote to memory of 3700 3608 msedge.exe 108 PID 3608 wrote to memory of 3700 3608 msedge.exe 108 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104 PID 3608 wrote to memory of 4196 3608 msedge.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe"C:\Users\Admin\AppData\Local\Temp\6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe"1⤵
- Checks computer location settings
- Drops startup file
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4024 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" vssadmin.exe delete shadows /all / quiet2⤵PID:1676
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\0_HELP_DECRYPT_FILES2.txt2⤵
- Opens file in notepad (likely ransom note)
PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\0_HELP_DECRYPT_FILES.html2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:83⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:13⤵PID:3176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:13⤵PID:1396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:23⤵PID:2600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:83⤵PID:5552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:13⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:13⤵PID:5656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:13⤵PID:5848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:13⤵PID:5840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3953336110376054831,14731265112921889325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:5596
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del C:\Users\Admin\AppData\Local\Temp\6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe2⤵PID:5428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe052346f8,0x7ffe05234708,0x7ffe052347181⤵PID:4244
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3188
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5176
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 31⤵PID:5472