Analysis
-
max time kernel
123s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24-02-2024 02:23
General
-
Target
https://www.youtube.com
Malware Config
Signatures
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85acf46f8,0x7ff85acf4708,0x7ff85acf47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6060 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12644184019780707598,375025753892472485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x150 0x38c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d62cefeb0c8fbab806b3b96c7b215c16
SHA1dc36684019f7ac8a632f5401cc3bedd482526ed7
SHA256752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01
SHA5129fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b
-
Filesize
152B
MD57ee1c6757da82ca0a9ae699227f619bc
SHA172dcf8262c6400dcbb5228afcb36795ae1b8001f
SHA25662320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31
SHA512dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
69KB
MD5a127a49f49671771565e01d883a5e4fa
SHA109ec098e238b34c09406628c6bee1b81472fc003
SHA2563f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA51261b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734
-
Filesize
30KB
MD5ba04d67484e3b1ddc9a216d5052b72e2
SHA13ced344c479d8f9ce868557c027dc06ce1c8cb36
SHA256be3d96f737a61daa5c72987cd69103bf699b7871455ffa018b6d6e350caca16f
SHA512c05983c3f501d3f9d0488646dd695fd619b348fb79551ec1e0f437f49564febe0ea954eabbd276a1192919e579462f498510968afa406f03548f24e843bf315d
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
Filesize
1.1MB
MD5eeb2da3dfe4dbfa17c25b4eb9319f982
SHA130a738a3f477b3655645873a98838424fabc8e21
SHA256fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3
SHA512d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe
-
Filesize
61KB
MD51971e737391eabf87667012e84069a5a
SHA18fd29644afc6da70873c25f9bf9d1c495c759843
SHA256c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3
SHA51223062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b
-
Filesize
4KB
MD59f04ff5a7ea6feeb7f0dce56099c10a5
SHA1d8e1821f4839dca65276d6d81ef1bb6d0d3aaf9d
SHA256485ca6fb63daf8bc672364fbd149a279ac62b5b435e6ebef11071352e4f549e8
SHA5124bef8aa8125a2a3e01eed9fa5ce8968ff9205ba8592246e667d188801d56c9bbe24258232b7b671ae1479d107bc6210073007f318bfd1e0fb03b14dc493cee3c
-
Filesize
3KB
MD5ca96ddd264886d08a6b485c1ce371933
SHA1e4299ab67c26cff887dd249a93bb9cb3dbe094fa
SHA256cbe1ab08b5bc07bb9082b3ef33d9039bbde6b06318058d3f469decb5e6ddb61b
SHA5127e635824dd249f1c95440963aa3a2db6565ec6e9ce9d747bc43de96c4e3deb5c80f452cc097b4d0dd8fa6120ba80fe5724f46915ce3a0f9d9cc31077f615ec56
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
12KB
MD5079802e2ce1c565527a87c78be817f9b
SHA13ea9c7afbbef61458566b4443332d99a72a4059c
SHA2566ae1ea7734b90c322bd5f81d326e4e784da4330d5d34dbff07ed837a17995b21
SHA51254a188d06ad7a461d53d6de84b5c6606e5442b12208403474cda5add3ff88a5d0e5a2803aee0465ca3ba2394dfb952b35d0becd590f6d975319d98e90700a40f
-
Filesize
11KB
MD5d2f5d2a18423f9b19919f142328a90bd
SHA100f12b120869ebc888d6abcfbb48f39003af3155
SHA2566cbf313e4e9b0a34afca1543cb3fa143d744029dacae35231cfe773a65507981
SHA512d7ed73d7cc7e76ad954654c05da9ca782bd36e3d2006f51980d2fb3f4caecca11bcd5ef49a2d98d3d6b257a3bd66fb8269400506e3b0d7e23bacfba01d3cd89e
-
Filesize
6KB
MD572b7da8ed3335f3b7397f4b6cad04a37
SHA1b144b7a745f77cdaf550ec3f04c30b48a4988a10
SHA256e7e7135903b96c8bf47c13813f04bdba0686d237e10d2417c530eee5c2c53036
SHA512577784da08201fe2cf24773e0af86a7b3dc8f05fd226672c2a55485869e531409b885d9756898cffbcceb99819327566e702d913ed101969357292a32451d81c
-
Filesize
14KB
MD57f3cd17e10085e72dece12a6da5bba2d
SHA135dc556a7beb9640120c39545d5d0381f2704495
SHA256650f9139d410258b2f9e26fcff3a8ba2d9047e0765df56cc91cb05fde53ec37f
SHA51253d5602cf111a9325ad732e886c789693b8b1fc00b98a941cbb5b1d4154720740a41cc26aa188e3e4faf247e86ae4842a0ebab3b74307f7683b620ed2ae5b8b2
-
Filesize
14KB
MD548565faea8ff7583e33d549147c9d96f
SHA144e1dd235f2cec92fe9127f9a4934f5322ddb570
SHA256870cc599701540acb53aa23815f2b49682803503b60b82ef09d1d501b74a8665
SHA512594a68e159279d321a2bd3fb7683f1f7f87dff375da69fd9945109998b0c3dd9d8f250d4aa32b5b40a34edba05c4b5829eb0fff384fec37127567dbb979e3617
-
Filesize
6KB
MD559556a8e15d8d777ab1956025c11e45d
SHA178b6d32b017b4e5cd7b8e6a035246ec878dd4add
SHA2563a75c58d8d96e733a468123bd2edbef8215f7aa4267ed82b6ca3c09755c85d66
SHA512f4ecccd97f51cc80465c8c39e289326e6b369076f04d95dc141f29d21d0d42c5741a164b44a929c5541241e069c5aa472116cb39513d1b81b0e5bef0717bfeed
-
Filesize
14KB
MD5f556ad8bff8f432c34563131c627be35
SHA16e755337c727d86a041d98301aaf3cbf12832da3
SHA256e316e8bdc436a28c47f6c6ae3d47f4fdcd59b2181bc4a89eeda1fc1450375fc3
SHA5128b2b8136eba7ac5f79d1868ec3453116263bc1b0dcdb77fcffa0ce30034f10d16c79cdebe257c2650e9ba53fa7c3eb3ab4f294c7128efbe8de6ce1389548ebb5
-
Filesize
14KB
MD5becaa9413271050a5139205bc8671b4f
SHA1b1084f71f8293bf7e83c7c83933c85d940dd87be
SHA256097959f8c162fc7e91844967148570599516268d42f6eb109a0d04de2454d1b8
SHA512f3c791b489a217688deab87e49bec0afcdd65d80d463a60fd67c41fbf3317e2b2100b94dc5d9c24d1c0910818a5c6d896e87ab37983fb12bd41043e37585c30e
-
Filesize
7KB
MD5611f78c0107925f3152f35ec60684633
SHA122f2de8fa8f6919efd3a424f9848d6f8a408b208
SHA256a8120efebec509c92036d2d8b5d177041785bc955e5774fdd65db142c54cefd8
SHA512ee55e7249af6fddbbe4a5ac1ceeaa22941dd5824fcb0de6e56e13efa6c4c46e39836246757235a80b1086805e3a01579c3fbdcb12de9eaf3f53fd3c551d7b72b
-
Filesize
2KB
MD59a38003aa5cfbed795833ffdfd74cfc3
SHA14fe6dcf77de6faaf3651ed9039a6c496a436a2df
SHA25689dd7c0b8946ba545671032ba0e91efdd2173e30615ea2d94197819e11ee1947
SHA5124a3b4bcd7efc48b578edcb07d712f5b463b815d23b29aee0479f494572f754907097629e129cb4a0c94e2679529b2f93bddb0386e6f7ae568ea56256bb204e9d
-
Filesize
48B
MD59f65a609f9a3879889bb11146a59c0f3
SHA1cb7f0fa29b46a4f5fa0d63f4108d181663c009aa
SHA256d8810a9535f62e81891e256ac0b4dbb659b0acf95769aa0b0bd73c9e981e0006
SHA51208ab8f8210ddba7b72ee79b1f9324e34efe2bd307795280f70f47e3d57dfb2c3ab6bd91d85e2c05eb2bb63537ff1cad80463cbcfaad2beba3671d91016a3786e
-
Filesize
89B
MD50df956a8fb1131b78bc401b609c835dc
SHA1a1a98bb0ffb96dd0b21db9edd191eae1ae85d225
SHA256e396c1caefb947cbf712963ee39f88fa95a3cefdda0210d638951de3b21514f2
SHA512cf62bd28f230b3888bb929c605a92cf4090594b7f2338f4c59acdee00e2a8dbf9cdbcd490ffe602a74a64c433e5908751286712fe1551ba71c17112b2ffb2f90
-
Filesize
146B
MD5de33f75825c40a80fe5484376ece520f
SHA17a90ba71f82e2fdb98f68f358712e427c3b0d5cc
SHA256e8739c5733ef1bde3bfd5f2b201331cba688b90d0fb596e8f3674d5c0173138a
SHA512ebf1c039a08999e3da5ce2adf2c9c826b0b6a4a5c500fda280026761b5ba124a29417b3ede56cc964d7184a6328c14ca021b70e4484ab6c651b989a74224c0d7
-
Filesize
82B
MD545752433f66addadb10f2b58d176dfa1
SHA15d3cf3175e6045ae9345d6d9613024816bc9b1e3
SHA2566d53e3ea58cd8ce10503462bc9ba55065b370e43ab44f9f2c2ca41514144351a
SHA5124bc357b2c3aefab4f93ecaf82cc4879563b5acddda9c9f9963c22a15452b44b3d2933cfdb77750569a45feffcedaadddf5ce4c6d9def5ea66bc81c352bd4d1b6
-
Filesize
84B
MD5cf10842189fd4054477ca4e0569a30f1
SHA1a536835b9f0e9521ea171eddc47d9708b76c7bae
SHA256ab35f87a347da2395f1284764d38b9cb96b086b9bc5beed8b3a4e1f900ffc188
SHA512dcd9c4846d965538cc320da0581826fd4f8ad7f63dd85dfc271fc086a6b4bda7381acbc73af50bc141588a838c058652d7703366ec976c8578e08de5b9bad169
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
48B
MD5263df1806570289a5a9d96365ce37026
SHA117d9830a06c85abf4c2e023e796e4a97468004a6
SHA256df9887e7216d24c1fb6e56ada3b86258f047ad2e1dd2160b6ef08528a4e81191
SHA5125d1091be7e3dcae612b04108d053b71e60d31bb9cc80474e9ad3a1db4180fe49a543a5dfb5a59cb5abba701a67757709485e492765759ccdee11d303902afa12
-
Filesize
48B
MD5d4444060ab964876d4eff4cd9b181f89
SHA1185433515035419b4e7e669df2815a67624d7c2b
SHA2563567af732dc0439865b5d9c2ead6f2eb388772b5df587e6f2ffd84bf2db4792a
SHA5122aeccfd98a9ce9b65eee53a04078661eb41c29ca2f632a671ae38ce410c5074563dfff67314fb3848631b10a087739b89522bb0919c7c99164dfe533b3822335
-
Filesize
5KB
MD5fc2ec009071fffea352e1ecb6c63dd24
SHA127fc2bbaa2aa3299d68f82b2c705fc27880541e1
SHA256c7e740f76cfb8d7fbb5551d43cfb78c40cc4cee13ba3679a1658455e7f5569fd
SHA512758e35ea94fcfef631dddc580e5100ffb08cfd2e8f4ea07bcbaae9db544d9e9b29b0b71261ed3f890b5a7f5a23a478a49ce3fcdc3fc6d592b14e3b75ec6723a6
-
Filesize
5KB
MD5ede71ad9ab3d01c654cab4923a453c9e
SHA17b92aaa93e94f62919b54dfb721b79ddc85b8bf1
SHA25674a31992054eea9827254a630476f9b5889a10508fe9c797649bd2522fe2d8d0
SHA512082c529faa100f4f85182e94613c14e563ed85d1e0a816adeed95d5213d886c524525099b6c2e42b0a6e5b0207c7500d10d9550ae17e71cc7cdeee9fa2ddb98d
-
Filesize
1KB
MD593d7596c82da61aa4bbb70bbd98b98a0
SHA1bb75b534ae32cf877b4df14f25e867569af005cd
SHA256bc6796869efdd47f6af643cba1806c010d5df819f971ebf25d1c677daa8ac5f5
SHA512586c35a5fbc26b22dbb47b014ca8333b5bb68e7c27988736edced8abf61dec78686fbe55e63ea5694096ed1072fd7d8c5cc979795bbb121bf7e8576b0766656e
-
Filesize
539B
MD5a95c9a9138e97211360c112a4f3dae12
SHA171f4ce653df702e19dce54828c6c36e748a7f07f
SHA256a62a702d044098045340d3d0f09bf59dd722382fb54772196863aba3e3f0e929
SHA512c7e37afe4f948d3619565ac404df8a237a102ee385b4f732d015586bb9c56dcc2051c25d87c674df28f27e449d5e71afef4af60f27593ab68b9586d7f227757b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5473d025d5358ff919bc6e144bc201963
SHA1b635dfc3c25ea51a9b51ada5f5b486c1833c34c9
SHA25689df3643940bdb2e70c5589c1b116580d178a59df985295bb67f7f98a55a0d69
SHA5127d9a6a763303cafb36d49b86c0edd8e86b777ddbc74398313a3e2fc44d8d7ed44d917ba64b1613bb2ca1911c108f1d78335630917533b7a3e8a9b697db64c012
-
Filesize
12KB
MD5c9d2ec68f8454da32e45133ccdd06108
SHA19564c0e23d8327a02c6e3b2148423e1bc5029816
SHA2560b235226e0b0cd139a87cd0406b0035cfc404eee52f6c3b0b02a94f782987a91
SHA512fff5cd406c1222089d785066a8304e79e1ec38e0fe64021b67c3c9360176dece536c8032aedb6997ab107d69232b3d9ab8a54d20d3f25200d6e39c192b413ef6
-
Filesize
11KB
MD5069a61649bf6ec58e4608f7325aa0d15
SHA18d6dde8c54c945f95ddc92950e3573ee5a817c2b
SHA256e447556d39723656618f137a813a8a44c0589ec84b191bc4d23a10d26b358ce9
SHA512229634cdb19ef5e64704042d51604ecb3cf89f2248618852384886a658c0df7d02a106210c73f47ae4cb2c1acb9ad5ae2405082265868d0bcd6265d01ac65f45
-
Filesize
10KB
MD5e460b8119cdf227b234e9815aebe964a
SHA18ca4880ed84452e40c407bd56b1a90b260c9f4c3
SHA25603f7fb2e6bed30b42599a6684d8d09833f5230cd54352d6d3ea65a2d4e067ef5
SHA512afbbb397f062e5f229b4694482d24a3233b259d2993bd3d68f7e7b561782d1f46ab705e634ac3aaf80664357069d20d1b740ad198591579291add275cc3b278e