Resubmissions
18/04/2024, 12:16
240418-pfngesea41 418/04/2024, 12:14
240418-pesprach82 118/04/2024, 11:52
240418-n1ymfscd52 818/04/2024, 11:48
240418-nys9ysdc7w 6Analysis
-
max time kernel
610s -
max time network
647s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
18/04/2024, 11:52
General
-
Target
https://github.com/Endermanch/MalwareDatabase
Score
8/10
Malware Config
Signatures
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Program Files directory 64 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4972 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4928 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6012 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6016 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3a0 0x3041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6184 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5740 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6548 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5732 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6488 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6776 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6628 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6896 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5772 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=4548 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6888 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6916 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=7160 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7604 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7036 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:81⤵
-
C:\Users\Admin\Downloads\ico (2).exe"C:\Users\Admin\Downloads\ico (2).exe"1⤵
- Disables RegEdit via registry modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\bootrec.exe"C:\Users\Admin\AppData\Local\Temp\bootrec.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\bootrec.exe"3⤵
- Creates scheduled task(s)
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3096 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3216 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3492 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4712 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4784 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4748 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4780 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2572 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4988 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5188 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5232 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4536 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5880 --field-trial-handle=3100,i,17403299303860331031,8813289284201790160,262144 --variations-seed-version /prefetch:82⤵
-
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\UndoDisconnect.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\0c1aa3137db54ec1abcdd43f5c03f143 /t 3688 /p 22761⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\PushUnpublish.htm1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\PushUnpublish.htm1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD552d8c39180c863e5e7b2607eb05686bf
SHA108c7b1cec8199dee4a87e4f77605bdc3a02d0cc9
SHA2567135428fe5e046a6dc8416f0d7b5296a764618a7fd2cc961c9f22eaae298ba11
SHA512d826c04ab54d7584712667f3c9b34fa0e6502ee7b86881c321e51faaba524838b6c8e320c2f577fb4a27e3207a8a294d1e9abfece32cf879277080e6610bdddb
-
Filesize
280B
MD5c74b3776cce259d7245546505b0af85c
SHA1db9733d4eb619d5af90089646f928ef4ed8bc26b
SHA2564e2f07cdf3c967e7b3dd31887ad8f3a129b66b31454672e6abdbdd6a4a6b3af0
SHA5123adad2b0cdb75255968db789fd3f27d917db59115d04008d9217d9fd575c2824d8132edd9c394ff1090c9d5ae40a1134cad25a30ea2cf83fe3702dd7bd115145
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
3KB
MD5c828e3a7a2d99d0f1cb75df6e7dc4e92
SHA135bda1ac6d8c66b9e205ca1f8c395f991294e166
SHA256e21e680a1b29bac4b11546e55711e52c75eaa354e4b34c57559021a88e2d9832
SHA512ab9d39c2ce184f12abc71481c822f02ff521c4cd0f346f0bfa09b8529a17302681213e682aa076aeddceb55a8fe189d502546e0b39b622df38654331a3b0602d
-
Filesize
4KB
MD585014ae30caa53c54753b9040dd7c7e0
SHA138a3b3fcd8a3cfc5c8cd790468970441ce3c1580
SHA256356afb430fd40971dc58efa7ba3e0d23be9f5d442dbe2886ae1842ce96f049f8
SHA512cb9d5a396f186e97f7b206cfc325a31dc6a2b07d7032258a61840afab3b8c6ab8826b8c09ecf0405e421a936d25eaa410172ac8c0d75573b9bdbc45b0f81a5f0
-
Filesize
4KB
MD5a34c210a719d894d607e87fb65b29f10
SHA133e94240e6d3ddaf11ea2651a99fb1ff87a1c1c9
SHA25608e62b3448258430b1f4a97e23620b6bd9ccb416df20a2fabd7597b2fc2820ca
SHA5125f7c5287a949e461391a04a5f0fb2e7b9e5ff9295f3c24e2327b5169e17993ff8dc2a01e2a906fa659bb9e51cdcc31074fda2b8f178915c5e1f1d79ae4462291
-
Filesize
4KB
MD54dfffa2e4e7a33db6be7640688f45296
SHA1af566a9576bd068eaac50239863c1208134b86da
SHA2560ed1a6ff9f27616f69cf93a27ff47712e5ccab5afcba254f3817380d9a2102c3
SHA5122c0fe5cb269cd5b4b0ea53408cc28508cc14f7f9f8fbba80e75f877454a880dc2fe6068e81552e071ebef1d82dc76e0e4847bc9534fb792e77b7989c11dc83de
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
211B
MD5a20f5140a25c1d0edc4820ce7eca7b10
SHA1951efa004a7cd707b6e9b0ca5d3e8b2f825ecec3
SHA256a2f78da15c0d5058b2757c7f8a05d09f4f201e7e3bf13a28212c28e972621768
SHA51244828e84cf6c307114c565270885d3ea4697713de5fa68d553b6e9aab352973d719dba76b967c4c45e2ba3fbdd5526a8da353774995c89e429931b1894af9ec0
-
Filesize
2KB
MD59783d9007f48618ebe26ae9a3638ff4b
SHA1bc42e93465f965b901bb384b16246f7be4d02965
SHA256e73fc9832521c5ba270f27c05607f5840ace13f67ebf3eb68582d4ceaffb3ddd
SHA512de152ffb5510769db28d3675ffe87cb2d7e80c41ba026e953c97580dfdc6acdf101e90fc4ae0ee8836b1df53cfbdb6e4c90f1dfe58af6a558c899d113271dec1
-
Filesize
13KB
MD5dc56a4467c7525e4b6ea890ed100d1f7
SHA18b0511657bee6eabe508476d539a8eae0f58bb02
SHA2560eb6d70fcff77e73fe47f8a2adf4a81e13ea57c7f4d3e8e0e91808b35c8200c5
SHA5122816285de819970d31e44f2dd7b8044ec444beff5a0a75c7e7415f1015efcf6f22f314ce84742a673deb92b5c79fe6c14c756fa75ffa866fd8fadd7823caf7fe
-
Filesize
12KB
MD56dba7ea988b5388f42fe3543c8c17f70
SHA14f80389f0fd2f835277e0cab2728d42b83a6b712
SHA25665a45a7a6df6bcfac5ba59855822af2c4e23680cfda5620cfb5205c3b5676cdc
SHA512fe4f33310eead9a64d34192082cd0d67839f61d388986750ef37ff2c09e59e46dbf8be61b0dfc37c564254a0355dbb9a12be81e355b43d78f00a5d4efb5e7dc3
-
Filesize
13KB
MD568a84f8d5d457fe21b2877f3d472b22e
SHA13712b8bddf10d0692f5a956a83d9bfd68c2d63a0
SHA2569a801bf5d3cdb5592b764a8ea89b74f9242d725d44077689e1cb1e00395f29b2
SHA51279e6f1117de36c5317a6f417c4bb3d838c0d6ca8f87e1b045637605981d325b15e7b47cd7512b6b3968f6fdf39765cdfbc9b118410c4b2755a29bef6d71105f2
-
Filesize
30KB
MD525d73d8725c5dacbcb60ca53895ee10f
SHA19632e0e4ad93b526347187f2a3175c9fb1ff5cc5
SHA256bde9936e244c0c51b071c2f269a619a585dca352476a97f49605068420896df2
SHA512d9ce1d3e9b4119a954d945424a923584de646b05e5a00b9e1c72d1315d670d79c1c5977125a04f01a004e3df33c33690b23ef7e5148a66f30dba4d380910ae5c
-
Filesize
51KB
MD5237377ca121527865b8771372933c2af
SHA1a4d08f5f9e61cff22da2e946935341334222471e
SHA256ca5cba14182110d9d007d7b16ac5171eadd0462f83365d5a9491b9c72d90b5a7
SHA512215f4a05f4ee3252e754fcc80957fa6989adc9626e954448ad6eb10d518f863b2e9cbf040b78e159a9f0608fece117d476d18694cd3087e8bfdb76878e4de7a3
-
Filesize
107KB
MD5cb32db8142a22c67aba8b2332fd175c0
SHA15a170d65ddd768dc4c8325024f055fcc8b3cfd5e
SHA2565ad6c0d6b22f12797f38ebb0ded97e1393104d696192d1e091ce981cabd6dab0
SHA512f01af87ac1a139a0cb4418fdb7be5eea2e7574d3eaad1abff2127b4c70e84e8966bc80188545ddea6bf0075d88d3d014b2e6998a0a79fcb25f98f15d2de3b933
-
Filesize
97KB
MD5c144bb5ae778d9eb5740765bf2767459
SHA11e458507518ae4178b67dd1cc1d577e61d363e46
SHA256a23f9fa1cfd646b723cc451f4e5511c0a6eff2eed604ff7a747087eba0cf40c1
SHA5120defdd00b1f8cace88b61c2957dbcdca9dceeeb0d9f1c71d24ab18c528076ea3eecd23406ac27b27d9737e8862f83b80f44fccabcbb0a3627706f3eea4650a20
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
167KB
MD5f14b989516f256db1befee3dee508f55
SHA1fbd2c6b1d783debb9a69c5766d3672138e24e127
SHA256c88dbbd0002395beaeaef3f855790abef3430d76307953825745339bdc1f9388
SHA512bfa84b7837d3bcda55571710289092af7e6cb7ee48b21a2a032d24b495ddbe9259c07eeceb58fb2a5ac4482e2b120259fe5b95162eb632228c86516f41bf035e
-
Filesize
32KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
4.8MB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
204KB