Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01-05-2024 11:58
General
-
Target
sample.html
-
Size
2KB
-
MD5
f21369e07c43c01275ff32429378e49f
-
SHA1
3864c46bd3155638138f2ac919feedff288cb52b
-
SHA256
61248c50e00d06ca3fe08bb6879c8d40ef367778b44c27472fcf40814b2ddbc2
-
SHA512
6b9031c5e173311172b496d425bb331ed8918d92322b7b79008bc0968997de1040858d3295b7cf2887eace9f3ee5597caa9ac19edb0a52fe2ba254eb6b3084ca
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9ed46f8,0x7ffcd9ed4708,0x7ffcd9ed47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5492 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8692 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2845708573342385198,6880712311019648649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6064 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58b2290ca03b4ca5fe52d82550c7e7d69
SHA120583a7851a906444204ce8ba4fa51153e6cd494
SHA256f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
SHA512704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
-
Filesize
152B
MD5919c29d42fb6034fee2f5de14d573c63
SHA124a2e1042347b3853344157239bde3ed699047a8
SHA25617cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
SHA512bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
-
Filesize
64KB
MD591f9bf2bcb357b71140d651b06fc4d63
SHA13f0393acf921f664e645293512219b067ddfb89e
SHA2562458caf4bb1c1eed378cf2d305f0d44533d2b8644ea749598a0ba0e7c15fd5f8
SHA5128c951c1fb792650ce4add101b324f297660c4c0a8130564e13948f0a9e9b5df1ca2918df8bb39dc647421fea7a8a43622ce9ed52c7b47ae4dcf6e2ce03a6a5e1
-
Filesize
264B
MD5ed7fbb7420dda12f0a966e158644b144
SHA183676bdffc674882138a67d110408aaa796b35b2
SHA256df6bde69036543b1253145c661b1db0832814993014826eac4fae9af5ebfea4c
SHA512facd3d82774291bf69673b3d822f8cb78eabd9a439c7e0152b0ea73ad966ddead8b030e4e289d51902aaa40eb8327c0208aa853494da83dd0259ca864185500b
-
Filesize
3KB
MD535b08bb502ba56989196ace07f2cfeb2
SHA12b2bf67074f265c1b440c1582f51393f802e4eca
SHA256811d6c5cad760c2f70400ff3a54e7007caaa99b22d0e4951e213afac70b58e98
SHA512fcdeb51e13ef3b0c562ef2bd4f9775987fc2955069609f9e5d68094126cf84949f41862a7abcdb9a65571cc9f481abdecf4a2c3cb58fd559edd3a33a72548112
-
Filesize
2KB
MD507a78bf9138632fe98d49477a7b72ce6
SHA1b8f38ea9343aa2aa16e66143126d6a4ac7859818
SHA2564ceaf8c12ca4dce8043e8dfa03b1054a98cee59a2866b337a1891dca20cf5d54
SHA5125b99cb6a329558d1deb40511cd90daec720952b0cdbe1ece3dad91a7306e5d1e5a292b4eb47b80c796d65b9462e7c0201c06a37ed5b02302c58fbb1bb71468be
-
Filesize
9KB
MD513c778c18db3446178461d9ee749e717
SHA12f40ad41a71247e824fb1fd665eaf41c768c5d5f
SHA256d669eea07ffce09852d05af425d10f994aa3c40a8a71af8d03c4e7cde14c3b6a
SHA5124dd21eff17341553a9352ae346c310bb780542d6b90d7590a7c29f419e5b15825141c65913976c39e048a5f127df4ccc19b037e0b0a57473c705214b75f22379
-
Filesize
6KB
MD52020f380efc4dff3a8b19bc4dab09df7
SHA169eb6bc4fb41794985f6efe4ac40645cd494680a
SHA2561f39f25be7eba4958649a67c3a5c6b2c19a3f81bdb53deaac876eb0f92b280db
SHA512ac7646fb3b7f018fcafdd2a777305451a6f816fe2e08dd996f64c5369fccd7f561b22314634fb5a9a4d81ffda6e5702a84b78ad8c43ff1a1765adb77b6c20b56
-
Filesize
8KB
MD58a2f50961c4d265cb53f625444ec5be9
SHA13d6f6ac9b6ed6c09266668deaf9df5b75f530d88
SHA2563149ec94fff97ec43f763e2461a5a8b70d527b7dc66b767fdc8ee21c5065c7f9
SHA512314b090cc43ff318238ea2789a5b1d4f7da663ce94413dc89482a72c742f85e46270e0cf00a37fc679ad1effcb4fb1a3b4dde0be619cb3f14c6f24841d3d3cab
-
Filesize
15KB
MD562b027869d41401f8ee7fcca9804fb38
SHA13f54853a16f5987658f1064d67a52e6da0aa4cbe
SHA2566cc67056b868928f0cf71dc54bbdc4637e0e9fe6efc90854319cb61e7d518240
SHA512c252569ea7679036436d01fa4863e717d8e7232af55aa0365eacb69b977d4278de4bcaf7a3a28852ef008e7efd691001e860c150e49c01a020e82dc18c4dd2de
-
Filesize
6KB
MD54ec2cc839cbfb48b38d070233f41100f
SHA1e1297523265ee6c3173cbba2046fc632d6800737
SHA256122cfd24e1343755c02621bf9b90905ce35ef7a940e564bdb030fd8237175687
SHA5124a2d73f9ff06fe2399d8b2ec9622200ba9d99b7d7d7266cd13842d48487145dad811c61ebda9173c948e74583c2a4411ba0e6bd00e73e5c63c738c8262958bf6
-
Filesize
15KB
MD535188ae8da47f40544acdbb68c841b82
SHA1f700c67e58b3229b817aef903abcb3dbfabdcfeb
SHA2560fc6dfe218d7a318bdfe3b6de29a7758dc5f6fcdad76285cf45f805156a6ee5c
SHA5121e8aa8a1a54f364dd8116b6d741c480abcc137e66d09ea1edf8f389c493be523070cd52e5194402de7aae6d4528a16fbdebb2ac67ca162384abee4dbd822a528
-
Filesize
4KB
MD565bfb639c3e2308b64ebd2f7cef18319
SHA19626c7bc7b1b7ce8e8bcacd6c9ddd36101d427d9
SHA2561b42db3933968722560ea68f303cba1aa901a9963c5f888f21984c84dc66d871
SHA5120cef6ce45060da7bf51dec03a989d59537b33775ab7845d45122bd8beab3a199d9812fbfa9327b489df6c21204de5eb24901c643f5d9742b94eb44e6bfaf8c98
-
Filesize
4KB
MD5b8a80838c39beb12401a7ed375ccdb41
SHA10bb50b3d6433c146fb1ef343744b39532e3cc399
SHA25680b86cf838fb6a3d362ada3a318b55acb703e6ff66b81a46c31e6ab396e2dfe8
SHA512bc0a0a8541db0ace062c60878a90843741f81bca5fd03793112b10c5c2d7f98faf819f7ef4e5adaea6a6aa69ccb676fe990c61823a84eb9823efe1b5c52c4e6b
-
Filesize
4KB
MD582e0ab04fb02a2b1ddf70693e726c604
SHA1a8a53ca6f3b28c397326264aca108341259f6906
SHA2567e289971c9a368bf5d0b969378dba5feb59f07b72615240f1254f0ce4d894d73
SHA51285b491d26231fda7d85b54893e6aba848b77c48eb57ab51f79e28a423de2d86b656b850222327313aecb868c0d7bf413e3797dd248e538414e6647cf9a86dbe4
-
Filesize
1KB
MD5f780c5ebb009872581ef5df0976d8d9b
SHA1525d8a615bb2efd0ce61d0321d68a2b93eaa17e0
SHA2561aeeca8404acf6f5b5a930fac87bcf5cb70849cc338f533258a1b0a8b55cc39f
SHA512f461ec9d8ace556afc67468b6b277353ee17f5899c809191a1b8844ee729f801856dece8bbd16ecc49c42986d16b19b93654df554efea66a7cabd2c751bfc1eb
-
Filesize
4KB
MD502f959889aa65b8e4eab96a184493825
SHA10206c54460fe885f0978c3e24badd8bd01d57dfe
SHA25620c31912b3559e5a561bb747509910aa5b6e3fe32cf58452094d99f6ea5de1bb
SHA512f105f96a97009aae49be40b4e2b8246a4a5e59512cd3021b3b89815669819e9de1283735975670b6e89ecb180228cde67cdf6b80a1a06aa027f0f2762709c72f
-
Filesize
539B
MD5e82388baca09eaf8e4e97fba4f25de31
SHA1156bae8c297a3a471bbe70638d33545e0e6ecb06
SHA2569bb052277d9de1f16aa18cf54ae3998c93b97e96b848e700dd4c8812283001bc
SHA5122f3d9b590b2895f3586e0331a93f19bec117bbc5ccb8be6e13fe77601ce42768a12ccf7bcdf00add76bfd59b61c950f3ab8da0cc7ecb54f6f3e464faf21ac343
-
Filesize
372B
MD5c94df8656a4c947625ade624efaf6141
SHA190cacafecccc2a506d3e55f94816257007de7cdd
SHA2560b41851493e75bebe90db64fc3c27bb88e3becb1cc57ef9af03b8b87b0fe2f99
SHA5121654c1b25d1b2067652555584a40716503ee46c25c240bbe0f31eff43a18b1bad3ea79d744676520422b41c9ca331d1027bcdc652735969855a0b1ecc313540a
-
Filesize
4KB
MD5d0d598f152e01e1ff3838f5565d08901
SHA1eddad1109332b688fcdafa1b10e3c31783ef7098
SHA256ba879aa5581ae7b34840b7dd064d70fd4a51814b1371ba9a37610598c737090e
SHA51231ee65e94b81687f75d22e13b5baea3e163372a52552e3062cf7309bf99acf4a4d16319e12686f4831db4f1ee7d01affd87febc8920f561c4b5fbab32373373a
-
Filesize
204B
MD56b76ff9680b12e669845019810a62dbf
SHA1825fdcb139410a7a84b9944b01578299f8f5c222
SHA2564e91a4f49752a1259575a4ba5d79b9b9c8c9c59b1987e7f27ed2c172bbedf589
SHA51227041b3650d9d0f941686ae16d5aeedb682513e086575ee9bfde70296a614bf58179534a93aa1171fb097be4cef91463a564a6eaa6b7e7c8f1d343dcb796d334
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d859ce3b32b793bbdd1f4b1f81baf614
SHA1e16246e941eecde64e98187ec358d84ff76a69d7
SHA25684669e485f4ef9fbddf137d10d82743af3e6d8d4c2506d2eccbaec80abf4901c
SHA51293446fa274b300f2bf7002a692a9a6a192ee2d6cea82a9da6b8098e06f1db571781b04d1f875d5bbbbc1182ef81d4251e78f5d00e7b36a6f6abab5cca9c6c955
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84