Analysis
-
max time kernel
241s -
max time network
275s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23-02-2024 23:49
General
-
Target
https://nexus-games.net/game/idm-internet-download-manager-free-download-vpc/
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nexus-games.net/game/idm-internet-download-manager-free-download-vpc/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc00fd46f8,0x7ffc00fd4708,0x7ffc00fd47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5252 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Internet-Download-Manager.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Internet-Download-Manager.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8340352233387786585,4681742368271505453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51f6d41bf10dc1ec1ca4e14d350bbc0b1
SHA17a62b23dc3c19e16930b5108d209c4ec937d7dfb
SHA25635947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770
SHA512046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13
-
Filesize
152B
MD54254f7a8438af12de575e00b22651d6c
SHA1a3c7bde09221129451a7bb42c1707f64b178e573
SHA2567f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b
SHA512e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70
-
Filesize
11KB
MD51d9627b3dcbd10fb5ac027eec49a0ed3
SHA15dba33fdd473650e716b03040dc887175686aafd
SHA256d0d02d7fc679be6fdc138c6384cd72ae4c38688beae060afed6540a48d9be131
SHA51283766244ca52f76a1e7b4c7ea711c8dc35d9e34416d863d45731ecbdb8280e00e6ca25952ec79d157b69aec4040527941791a4a10f46e309118ed6a1ef6cb7ab
-
Filesize
1KB
MD53cb4d2b3dc7dee579b212f8a4002b1e8
SHA101739fab78e96360adae5adcd2197ea91dfcd227
SHA25609597955d8df4415491097b36ff7dd1663c49e3bfc8bee9c8ece7789348d6877
SHA51298acc296c2166208e647dbbd11b6d8b74a98f55b6f3985b55269a9b5ffe8a082b0e5ccd56543832ccfe66c1b3511ea665096b58c55854ba4e5a7149d62fdd834
-
Filesize
1KB
MD549e017a677cbd5e95899cafada4c65d1
SHA12a30a13e470b0a7f3be37bf744fda18f0afe65d2
SHA25694016eb52cdbd10694e58ba53a77d8cb1450d51f357fa88c7210958c54e6828e
SHA512800ec6fc7b41511eb6544c4b3514983cc7f6cb21c96540ff8f486b4f8aa968f7a2135a54824d005896aca27da11506e8ec37e81d9bfc305b263ed38b13af6b8c
-
Filesize
9KB
MD51dcccdf26695075206c732bc05c40960
SHA112aa5b277fccb2d4c77c477e30782706fe9f4e54
SHA2563f9afc045a712fa40912b3750677c6586676ef49de4a8f189b2de3e53b782583
SHA5124000b359c26566a55a19edb8c96ca62e4115c78ebbfa60fe6c607f29bd7aeff11082a8d8cefaf46b51e602f37154c47389132bf25c6e424dbeb093c543f1d7d4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
389B
MD5a736061e7a759d010dad625bf8ff675e
SHA1f2a8810c21df3e4be46f2b848b47569af8b46dc9
SHA256fa23ffd9ddefc5ec468fd152a59d49199b3236142e8aee765f4de7887749657a
SHA51229069965ec58fec0e87ca6efa586feaed440ac6ab6c9d94fa962c4b00826776c189e0e1e87902c7ab418ff9da8f839bc2272ee164e656f13860f957a8f63200d
-
Filesize
389B
MD5e00535012a5135ee7707035204201a9b
SHA1047d51c6a5bb884b5ed4ce9379a8f93d4fdbbf4d
SHA256deea06200bc5dfb676d576b06fce299672c58a8445ab8a44dcb4b8dfccf1eda5
SHA512402c78e8818661b2593ce252da0044cc200efe75be252b8057bf2e81bd16188363238667995b3c09998e4e2a7c8920a94a7aa094bdad3ab38f50c1f1e6b47ef3
-
Filesize
386B
MD5556b933d617242c7e6be0da07a736b74
SHA1b99296b642995eae1b9ae6f9f0599b5f1b052f2d
SHA25619e0c98ae6d1740a8b18c28cab42f0ada6875c8c634169d8580a863fa6856067
SHA512d33fa49e329d5391d81c331d35414b81e937e4f3e5b2d7f8b10b846d1847805497eae23108f2edd3ae192b6736db4cfdd8589c0a28521058d97bd268aa465b65
-
Filesize
349B
MD55971760ad17b456972580891c910a8d5
SHA1315c4ff2d8f41dd37e1b7cbf8f93245582bd7bfe
SHA2565efcab2937b3fadac5382a93e6c1de17850148606640078edcd29ef31ee39dad
SHA5121b0ff870d1df9111f60395c32d2aabfb33fe6c4908a64aaa2908ec108babc69cef58f5b4786438fccfbd2ac7dd90e5a4d8e5445b7697220cf2ebf0f9185afd9b
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
3KB
MD5d88b057cbf0184f55ce6c03e70954f2a
SHA130a2c6e360837875b2b850b74ade9f7f41fa71ba
SHA256938d56f7e36ca77a59544a639c4860956be7574a03a382f9a1d74111e326f173
SHA51257171bb77bb3b193e2329d2993bb97ac78a1a5ee7bc0fde3511ab77c15602b8f0fb98eaf7932aa0a0e77c398b120b45d96ed7da5b8782e79291f1259c5301526
-
Filesize
4KB
MD5a2b8e04dc0e0e56b7f9ba8f17ee07d83
SHA192d1c297216601331d4a769ca1b8c8d4ecd15f87
SHA256a944628352dabff4ca8806aeea3cd6040ff66839c3af30560d4024582ef1978a
SHA51235ccf9aba7c3f79e13dfa92efbd256322ccc7694007f69cd5f0644e4628a04c1faf7c7d09ebc11f3b008c5b48f6b96442169418df864f421f042124038dddc96
-
Filesize
4KB
MD57de6ad33f514a3481bdcdbc56f17fec0
SHA1831f61148da7f475e2e32764d29c86ca30a2b0bf
SHA256672d9530ad2d7d44f3c8017ee66cbaa21bfb33e86c34417b39a1b1b11078be4f
SHA5124774b3c441b0faeb0307f95a8ea17edfa26aacd2c7478c8d162618b455005df557de0dc139743cfc2c080fe4aafe0acdb6958a5b2b6fe1cfad97c52771600402
-
Filesize
6KB
MD55baa5d5310da101c492d44fc30ed85bc
SHA16702a28f7d216ba73c99295d8b21cd57fe56b37e
SHA256431864a2137a50e1bde8e58ec513e603fdcd0e31df6a17938139939ebbc7aff1
SHA51236bbc9846f9c3169a8bc7fc3270c76e336dca5d4d8c98edf899a2533d59b19799d392a1845acd168f6af79760c73b14ecddc5a4aa3ed690aada3ce2ad3caaf79
-
Filesize
7KB
MD5a4bfa30a15a31e0c3652e025ad6b1d8f
SHA12ec2864cc0f0de6cfa64b3f2696d9dc2ddfb10a5
SHA256cc7fdabca9c7b317018580bba8e2478a8fd424c384986050264c46abdbd0e389
SHA5124763d5c27708192fde0da8e5d63671904f896d971043c40c8e94495dfef15802762e64be31c4c038f815d7828bea7868bb6546eed2d22a08531c1327463f903a
-
Filesize
10KB
MD53d1053da33feed6f6ee289789db9ab4b
SHA1f6c7d19b64c8eeed1773271d0db2762ad8ec99fb
SHA2568c29f9d226bbf8d1e15dc8cebcf773e6a1e4e3ad87835f73535440c76c6cf8cd
SHA512f75b28acd4f1728b441fdf8b74407874c40cbcf325fc57a688abeb99bb38c22ea4fe7b57d16b516d2cf1625844ebced1bbbcf3ccea692b304e839d507a8a9d49
-
Filesize
9KB
MD5a40f0a0b556fb05ac5d42c372180c35b
SHA1a8ba3e23277a51c6d5c92d773cc21f21b1a5a364
SHA2564282fb13f90701985f21386caf12351b14861fdce4967e279516d3612e995058
SHA5120902030fc3ef7015916311256aa196d1545f14a37f86828d618e5805077032f9446f2ab50dd4c90ce0728137ef0b5a27fd7f26da3787d7ef459ae8140f18ad47
-
Filesize
9KB
MD5542392bd891fe024fa5d986044e2f307
SHA1a70a02642b552aedd410c2cb7d3cd700b54ba1d0
SHA2569dc725b17e937fc56505a42304ff6db1b2467893f13dc090e72897c20c48d7e6
SHA512ef92d5421c0f6f76cd3a0366d650b7a24b3f2fbb36e8b46816a35bb175f8166bb3e076430a5efb24bb0de6346f53ba030bd805d3e0dc7dbd95c56a73c4070b42
-
Filesize
9KB
MD5e5e86571311c7aa4c2d7e918d9aa5f59
SHA190ebfe4066d2dc0b6a8fc2c53affba78db301561
SHA256e0ad1f019f87d302a7daeabaf822fc2722bb893d7077e21eb2b9d2b06a29d9b7
SHA512996fce2cfe6c719531ecab45e13e9f0bd0d44206a30cc35d1b39203198d941a93948d38eed6b0a09dbe6777547b9ed198d0fe22a1795e0ab72754dcaced7368c
-
Filesize
2KB
MD518bf58cf982b7facd03c32aa94766f3a
SHA16d304c05741cf4af771e3af69a0efbdda096a8bc
SHA2565a3c0aaa3b4a573f74ca88827604eaa395c3d762fe7a2d062aaa400630a77d20
SHA51259cd1732b075cc80bb591c1c39f1b4727f86994aafc0ea7c686a70e0a78e4ebb808903d3bbeb667d483ff35e0d1016dc4570768f0f175c47078f4a5fae480ce9
-
Filesize
2KB
MD5f380c3e1b8354ae4fbb599071c265924
SHA130f5aafb8cb02dcbbbf1dd1132ef3a4da6342cc0
SHA256bf77ba68419cc414119abe1e4bca79bcadb0b1a810ef8b22362e0b6f11a387ae
SHA5125661550c40caa354b62e9fd9525442a118345f0d6b6df91101b4aba44fff07cddf0ee62ac9badcd74ca4b576027e217cd80dc76dded2a391b45ec4ca94a64de4
-
Filesize
2KB
MD5fe8659928940ed84fc64401e0dcea8bb
SHA10a287a233928d91d3cb6e43d10d5a4aeaca9ed8c
SHA2565c893935b1159ec19d5e86cc4f38b5645b354b7c3fef91dc7bd198a08653c19c
SHA512d67970bead174dadb83ca37a4e34cc516fd47c19087a8bf9708e09f129a968513750d9827d78a1859eb49db6be0ea8336cbfdee97050476e2fb3e69a4f03c02a
-
Filesize
2KB
MD5c8b6b162061ad85032f9d4991b70db2d
SHA153eb7ce7b34b7f79b90348cbbd84c0b08781b8af
SHA25610bf8260ebf01242c7dd0e92958f866740f56d6a31e809fb7f8a314bc69021e0
SHA51217be4a20bfa0dd3267563e6cc08512634a7e31c9e2c6ee88ed27b919b66fab6a59d1596428aa79e1fcf09152a4657a2360617938c105391071fadfaff39b81c8
-
Filesize
1KB
MD5d7523fdf0c4c1ddcceb78a9c32e718b3
SHA118971ff780930a84d5287dda1d59fe0c0eb15c15
SHA256e533b10e7458dc4a10962250b78f00c8fd212920fe2c6fa0ca15fa0b1f6b75d2
SHA512182237c320160a883096f3850572031dbf83e2fb391d741857bc0079ef2a5c7d736dfef5d5a5375695c76cc97b7981b301e0ec9b8524329929a9dfcbe975a12f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD57cfdad486e1c37c71b4c0b758fc56492
SHA1e4b52a6f80ca1a1abce387f784d183a66fd60dbc
SHA2566af12cc2fcd10c9c9cb75af3c9b97cab76e0fbcfa273bd9dc8e558225ccfc0b2
SHA512339a8e77b2190d59eec6973161a329c98cf9ba90a46ab4654c22818a0533a4eda46ec9e0615e525e6cde813a8bf0594c1f7570e5bc4dc14172d011b1e4ad0d30
-
Filesize
12KB
MD5fd016cb84bb43b1324ffe7aa15b12a73
SHA112f666b08c1df197be1f4edf071973226c177512
SHA256cbb60fd4487edede1b4c601d5f37ed94f9202816f722a05918c8f80097d71eed
SHA51231fd620ac267714264970fe0d55c89139cf586293ceae5af10192ba400472422c29df8add607a6c3a45e2adf69c84cd95b7f4eead859b5d64472496a38a1128b
-
Filesize
10KB
MD595c77eedfef174b77498e42d85e36f8a
SHA1ea603c23e083dcf11063955f7d8b30cb116211fd
SHA256a69b23af0a612281f29213493b3c574ed0316aa9063cc3fac77ea4e4d8e84188
SHA5122085dea75594bf5d0ea6a8c9b496f0837158793a90a9d3abf9f027a25d57020f7573ee821dfd94c31c5863ae9596f6ea52c5821c5518891a277e8f4bdd68f64a
-
Filesize
10KB
MD572cfccade94615278e4fcd67977668e1
SHA1fef07e2d8a9b0f5d6d2d0b32fa4f90940a536018
SHA2565ecce1c9d11a6ca2394f016ee2af1f7ac34d1f7f6e6155a9597d5d8714db7d40
SHA512adfaa614d66be394a9b6fb49751a0bd604d5ba6e8503404932ab92ad8f5396794ac609bfbed90f6e240806369b85df59eb5366bced3d7149018711290997afa9
-
Filesize
11KB
MD525184279687aad2ba6057c811d201dc4
SHA1193ee1f90aae1bd0906561e9d2ec6a4664db241d
SHA2569ad5aa661fa9d12687df7e7624361b7b2ee13901a2ed331607ccf2ea9ad1f52b
SHA5120e9c6d6e3f74f0afb7c564aaae6b13e4ac43c7a6f74a66b57da4cf308a05c3b2c8530d56075ed5b44fd4ba64b6b396dc7e9c782b59928a2524ca70a6334aa981
-
Filesize
11KB
MD54e723059181fade70670de0ff70f058b
SHA151d8b8dcc0dbdc0d27c75f9ccc0ac3e8c9167bd1
SHA25610160defa4542eab6343a0d3566b30540a4ba9c4bcbacf9f6e71fe27069a503d
SHA512c0f67815baa590ebd98d38a9ee2ab9f5b49911c529fdeab7d8d35caeb91da3c7942c3ae14108ee740d5538ed431b30c9aa8baca531df13aea33e3a8dd89eead2
-
Filesize
10KB
MD5ea29db6e47aaa52c2b17f786080d344f
SHA193a97759018379988c6166ded4217277c38701f1
SHA256050440d16ede9fd818d24f24526250289a67f815cde7d7300ca2fa4337d3f4bf
SHA5121d62ec746309ed58412e9946d90a7adf82e180d9ecf2cc51261409b13f2d5e5f886121a3021b7176260c5731e74d94f06ebf816bb5bbd9b8a9906271591b0046
-
Filesize
2.1MB
MD53fbe514e0650e6d451f658059d9331cb
SHA188f894d105881186df7b9c78ebd5927bebb1c318
SHA2569e5633492555c51e340341d025493df5255297174b9471559906a4b08b006644
SHA512b36899ca947ade4ee5fdf47745c2edbbb62aed9ff09c16a81f891f1ffde6d59ad9cee3e5514ae2371a59de5fe4e91715f190eaf398cd74129e46ea3986eab825