Resubmissions
01-05-2024 15:23  240501-ssgfesca99  1
22-04-2024 08:54  240422-kvcw1shf99  10
22-04-2024 08:50  240422-krk38ahf67  10

Analysis
max time kernel: 106s
max time network: 110s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-04-2024 08:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://filetransfer.io/data-package/g83ORAG3#link
Resource: win10v2004-20240412-en
General
Target: https://filetransfer.io/data-package/g83ORAG3#link

Malware Config
Extracted: discordrat
discord_token: MTIzMDgwNjQ0NzM2NTk0NzQ1Ng.G2vGiE.8f97-UjGmmPjSih2nipyB83KB174hMORkyul_0
server_id: 1229126898051973120
Signatures

Discord RAT
A RAT written in C# using Discord as a C2.

Downloads MZ/PE file

Executes dropped EXE 1 IoCs
pid 5832  Process: & .exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow 149  ioc: discord.com
flow 154  ioc: discord.com
flow 148  ioc: discord.com

Enumerates system info in registry 2 TTPs 3 IoCs
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     Process: msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  Process: msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   Process: msedge.exe

Modifies registry class 2 IoCs
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2288054676-1871194608-3559553667-1000\{C2ACBB70-27DD-48A7-81CA-41A088D434BB}  Process: msedge.exe
Key created  \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings  Process: msedge.exe

NTFS ADS 1 IoCs
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 478428.crdownload:SmartScreen  Process: msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid 1864  msedge.exe
pid 1864  msedge.exe
pid 3768  msedge.exe
pid 3768  msedge.exe
pid 3644  identity_helper.exe
pid 3644  identity_helper.exe
pid 4248  msedge.exe
pid 4248  msedge.exe
pid 5556  msedge.exe
pid 5556  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
Suspicious use of AdjustPrivilegeToken 1 IoCs
Token: SeDebugPrivilege  pid 5832  Process: & .exe
Suspicious use of FindShellTrayWindow 37 IoCs
Suspicious use of SendNotifyMessage 26 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

PID 3768: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filetransfer.io/data-package/g83ORAG3#link
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 216: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17de46f8,0x7ffd17de4708,0x7ffd17de4718

  PID 3252: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

  PID 1864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 2000: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

  PID 3992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

  PID 3132: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  PID 4312: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8

  PID 3644: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2136: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

  PID 3648: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

  PID 1888: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  PID 4312: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

  PID 5900: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1

  PID 1348: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1

  PID 2324: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2148 /prefetch:8

  PID 4248: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2628 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  PID 5724: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1

  PID 5760: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

  PID 5756: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

  PID 2144: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1

  PID 4564: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

  PID 5328: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8

  PID 5336: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

  PID 5516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 /prefetch:8

  PID 5556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,8501836393557491539,16646047984279140786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

PID 3644: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3604: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2352: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 5832: "C:\Users\Admin\Downloads\& .exe"
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads