Overview
overview
8Static
static
3skate.worl...ET.dll
windows7-x64
1skate.worl...ET.dll
windows10-2004-x64
1skate.worl...PC.dll
windows7-x64
1skate.worl...PC.dll
windows10-2004-x64
1skate.worl...re.dll
windows7-x64
1skate.worl...re.dll
windows10-2004-x64
1skate.worl...ms.dll
windows7-x64
1skate.worl...ms.dll
windows10-2004-x64
1skate.worl...pf.dll
windows7-x64
skate.worl...pf.dll
windows10-2004-x64
1skate.worl...on.dll
windows7-x64
1skate.worl...on.dll
windows10-2004-x64
1skate.worl....5.exe
windows7-x64
1skate.worl....5.exe
windows10-2004-x64
1skate.worl....5.exe
windows7-x64
1skate.worl....5.exe
windows10-2004-x64
8skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1skate.worl...es.dll
windows7-x64
1skate.worl...es.dll
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10-03-2024 06:00
Static task
static1
Behavioral task
behavioral1
Sample
skate.world/AutoUpdater.NET.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
skate.world/AutoUpdater.NET.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
skate.world/DiscordRPC.dll
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
skate.world/DiscordRPC.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
skate.world/Microsoft.Web.WebView2.Core.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
skate.world/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
skate.world/Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
skate.world/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
skate.world/Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
skate.world/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
skate.world/Newtonsoft.Json.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
skate.world/Newtonsoft.Json.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
skate.world/SkateWorld-2.5.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
skate.world/SkateWorld-2.5.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
skate.world/SkateWorld-2.5.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
skate.world/SkateWorld-2.5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
skate.world/ar/AutoUpdater.NET.resources.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
skate.world/ar/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
skate.world/cs/AutoUpdater.NET.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
skate.world/cs/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
skate.world/da/AutoUpdater.NET.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
skate.world/da/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
skate.world/de/AutoUpdater.NET.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
skate.world/de/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
skate.world/es/AutoUpdater.NET.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
skate.world/es/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
skate.world/fr/AutoUpdater.NET.resources.dll
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
skate.world/fr/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
skate.world/it/AutoUpdater.NET.resources.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
skate.world/it/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
skate.world/ja-JP/AutoUpdater.NET.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
skate.world/ja-JP/AutoUpdater.NET.resources.dll
Resource
win10v2004-20240226-en
General
-
Target
skate.world/SkateWorld-2.5.exe
-
Size
346KB
-
MD5
c6d06872d54963c7a7a4bb15f6cc97e3
-
SHA1
49ce10cc23154e735e4466c55cbbe511ee170671
-
SHA256
5d0c21df3bcf375e740a3f5462a518d656ca9cf4f31898379d4046b38cdd3a44
-
SHA512
f8dea053b0ec0528e8ae741d3e6d2402a28792a8080efa4a98e83afd43ff4fdf45a02f7fd655187f914949c80d34d9c1ea6739087ed94b2fc93ae96ca7da482c
-
SSDEEP
3072:qIl9mTYDNDK36o4zEsb3q3BIIi4bZIYl/I8SlrYoHfMGN2CwLVXcbDbTD2EDKPmf:qIvK36o44QadTWYl/IdtFHEs9jbTiW
Malware Config
Signatures
-
Downloads MZ/PE file
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1756 msedge.exe 1756 msedge.exe 4944 msedge.exe 4944 msedge.exe 2808 identity_helper.exe 2808 identity_helper.exe 404 msedge.exe 404 msedge.exe 404 msedge.exe 404 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exepid process 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe -
Suspicious use of SendNotifyMessage 32 IoCs
Processes:
msedge.exepid process 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe 4944 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SkateWorld-2.5.exemsedge.exedescription pid process target process PID 5076 wrote to memory of 4944 5076 SkateWorld-2.5.exe msedge.exe PID 5076 wrote to memory of 4944 5076 SkateWorld-2.5.exe msedge.exe PID 4944 wrote to memory of 2108 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 2108 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 388 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 1756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 1756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe PID 4944 wrote to memory of 756 4944 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\skate.world\SkateWorld-2.5.exe"C:\Users\Admin\AppData\Local\Temp\skate.world\SkateWorld-2.5.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e4b646f8,0x7ff8e4b64708,0x7ff8e4b647183⤵PID:2108
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:23⤵PID:388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:83⤵PID:756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:13⤵PID:2936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:13⤵PID:1268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:13⤵PID:2856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:83⤵PID:4000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:13⤵PID:4348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 /prefetch:83⤵PID:2292
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:83⤵PID:884
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:13⤵PID:4652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:13⤵PID:1228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:13⤵PID:5196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:13⤵PID:5428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:13⤵PID:5436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:13⤵PID:5168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,3932785830354748742,9767073280126155369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6736 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:404
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3924
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3708
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59ffb5f81e8eccd0963c46cbfea1abc20
SHA1a02a610afd3543de215565bc488a4343bb5c1a59
SHA2563a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA5122d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597
-
Filesize
152B
MD5e1b45169ebca0dceadb0f45697799d62
SHA1803604277318898e6f5c6fb92270ca83b5609cd5
SHA2564c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7e8eacba-041b-4cd5-bf0e-31c16f37b0d2.tmp
Filesize6KB
MD5d3d69ed61b5502199e77ecc859eb32e2
SHA1b8653ef5259f9d6501deecedf110c73f46248a36
SHA256ec1297ade98addf4ff47e8577e5504fafe8c7fcf69ad423c0c077211bc041be6
SHA5128277b79cdb57891757dc7225dcfc80bc789b53046e4eda6f4cfa3c36618d672615a7a68d8f38f6cb9979b9b045ef76414903cc1a20fde2ceaaa7a194343d319b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize384B
MD532cc0924bc7741e7702b06217846fe7d
SHA12e273f5b747114fdd10e346dc19ad1556d10d2d4
SHA2564d590f7be8b4290afe6e8b7c7f1639ef6db4f2949b89a76294e36c5ea6b10ec8
SHA512d468a3b2efc06b309b22ae0b7bedde772497ad35a3ea3349e9cac03c098a96712683ebffe77586c3c13ab3a20de779856c8333d8a4ea8ba2d88c51889346d2c4
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1002B
MD5033d21c34116fde225add349dbeb54b7
SHA19aa4a60a6c9219fff25e4f9ae09a50f87ab7d097
SHA2566f6f9e269d740e8f72781a434103dacc33027279c8a096abdde602e4f2c090e1
SHA512637d8e4cbf5c3d8664c71fb45c62c3bcf7147dd2f213ee3d1a4cd7e240d9f6e45212ced9fda65718419ae336f6b2fd3e3e41140b5bab844db0c1472a76d339cb
-
Filesize
6KB
MD5bdd7f11030853c7324cd6beea49d5100
SHA1663d09a642024b4f1318fdc9a9e277bccf9d1530
SHA2569a879aba3e1df1af8f9ad63933fca2741f02f0d55bcc5620230d88be9ddd1e98
SHA5123c25d5be9d24cbeea052943f44858208e9c4887f87a16e7eab8e05d238fcd663255a79a71d6a92771fb1b951ecb74fe91883dd283bf906139c0690c07c70206d
-
Filesize
6KB
MD5f0e02e7f3b3b75405215a43c4535f13b
SHA16827d508ef34a876104a67a640e0a5a4ee651438
SHA256746e3ecbfcfd577ead929accae616e739b52661699910a0c011d3bd998f66427
SHA512f836dcd4c376fe6d1aff4fcd2ca43463ce70c0e039a74df999278648e9a5b5f705b22c4d0da9ffc525638ca0496f0ba60dca7afbec466871127031aad8a2f396
-
Filesize
539B
MD5337004f90f4331d1c919bd48d245d11a
SHA14dd9f78131b1c0324926df506b9b098bd9301ce8
SHA256f6746c26d5574bea375e250d98be46684adc8d53e2e1c8b1e348adbfcf0e383f
SHA512531b12efd4dc8c4e759f606621c54947856e9e292aca9fcda9d62f08b5e552461e299847b4462e8f7075996ff15a0bdc4c9f4764cc6fe75981c709d903b024c0
-
Filesize
707B
MD5a0a59899282092d0d2bffa2bd4b394a9
SHA111f1e35812a5270fa8e73999f56cb67f3b2b5f9c
SHA256b40232a227bb35d58ce872bc0f614224744cb43fd17c29318b2ef1392ccced8f
SHA512c37360b79a3c5fb7aec8e79b481b5aee6a1a6e70e2bb6437a5ba73e6f771af80b39a696f4cada2dcc526d766a1c536b90d5cacd5a2ed00a6cdca3d5e5104083f
-
Filesize
707B
MD569825c2c8c49755d14fc272863fb9336
SHA1271938166d766b73929b929988a6aab05fc136cf
SHA256b2117b470e5b459a50ac3caebcef3a696cb9b210868888828c84e66687614784
SHA51266347153e01ab0588058bc7157c9724443d8169d573afa8a0534ab14e9c82b234980a3e9db58228054355b7110075f36186312e4c306775a18c241fe242d532b
-
Filesize
371B
MD574b2b8d2507be3aae895687a2129720f
SHA152637cd5aae4cef4a4bc171510d0683c34dcdb19
SHA256061e9148767b1125c0524513032ab1a0d6dffd0c57dfd5c46dd1ececb89fcc50
SHA51284f45c67ceb6886cba5b87455065b9fa69f7963fb4de882244ca441f307a307fd062160c26242936b0a53669df2bd5c4090f01fb0c274c6151ea2fc5a301b1ce
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5937cd9d1dbd1c1f8cae1a3fdeca7c676
SHA11ff031c8e42dcb43de554ff8f2f7ba987f4f1509
SHA256515ed2dff1dff9eefc41c4bb7d1a26515957195c632ee8845874d98c3e215b31
SHA512056a847fbb3a151cab6e84d219fc7ec709ede9da2748828a2380118fa82964baebdbd7c8aba1de28ad599d0bc4de000f13cedb4cedd13915e2e3d71542c6ba66
-
Filesize
11KB
MD547f18ce074e612eb49e694401ed84efd
SHA1699bf0108f56883dfcbecde6068c9bbe42eeb56d
SHA25667f71728f2c57a81e58fbb7fb064896297b91d7e24038c5af1f0a0a494c3093f
SHA512b7537f7f3f4679204bf41e3044e975d3c3acf7c9600ba9c74f19f5a7bd7ca9a5c2020737182500e8be01701ec6ef34307afb269909fc3de23981e087c28bc3c5
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e