Analysis
max time kernel: 598s
max time network: 584s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 00:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240508-en
General
Target: http://google.com
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  pid   Process
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp
  4452  audioconverter32.exe

Loads dropped DLL (3 IoCs)
  pid   Process
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp

Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Modifies registry class (1 IoCs)
  description  ioc                                                                                  Process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings  msedge.exe

Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid   Process                              entries
  1676  msedge.exe                           2
  772   msedge.exe                           2
  4984  identity_helper.exe                  2
  3876  msedge.exe                           2
  4568  msedge.exe                           4
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp  2
  4452  audioconverter32.exe                 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  pid   Process     entries
  772   msedge.exe  14

Suspicious use of FindShellTrayWindow (35 IoCs)
  pid   Process                              entries
  772   msedge.exe                           34
  4732  You-Are-An-Idiot-Vir_eejUzc4HeL.tmp  1

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  772   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target  entries
  PID 772 wrote to memory of 1568  772  msedge.exe  80             2
  PID 772 wrote to memory of 1548  772  msedge.exe  81             40
  PID 772 wrote to memory of 1676  772  msedge.exe  82             2
  PID 772 wrote to memory of 4188  772  msedge.exe  83             20
Processes
[1] msedge.exe (PID 772)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    [2] msedge.exe (PID 1568)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb614e46f8,0x7ffb614e4708,0x7ffb614e4718

    [2] msedge.exe (PID 1548)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

    [2] msedge.exe (PID 1676)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        Signatures: Suspicious behavior: EnumeratesProcesses

    [2] msedge.exe (PID 4188)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

    [2] msedge.exe (PID 1056)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

    [2] msedge.exe (PID 4356)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    [2] msedge.exe (PID 4940)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

    [2] identity_helper.exe (PID 1084)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8

    [2] identity_helper.exe (PID 4984)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8
        Signatures: Suspicious behavior: EnumeratesProcesses

    [2] msedge.exe (PID 4428)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1

    [2] msedge.exe (PID 3908)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

    [2] msedge.exe (PID 4988)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

    [2] msedge.exe (PID 3272)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

    [2] msedge.exe (PID 3648)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

    [2] msedge.exe (PID 948)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

    [2] msedge.exe (PID 2716)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

    [2] msedge.exe (PID 4624)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

    [2] msedge.exe (PID 1444)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

    [2] msedge.exe (PID 4356)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

    [2] msedge.exe (PID 4264)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5708 /prefetch:8

    [2] msedge.exe (PID 1736)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

    [2] msedge.exe (PID 3876)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
        Signatures: Suspicious behavior: EnumeratesProcesses

    [2] msedge.exe (PID 4568)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13050072077181112838,11547153349919600840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6616 /prefetch:2
        Signatures: Suspicious behavior: EnumeratesProcesses

[1] CompPkgSrv.exe (PID 2900)
    Path: C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] CompPkgSrv.exe (PID 1808)
    Path: C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] rundll32.exe (PID 1920)
    Path: C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[1] You-Are-An-Idiot-Vir_eejUzc4HeL.exe (PID 2900)
    Path: C:\Users\Admin\AppData\Local\Temp\Temp1_You-Are-An-Idiot-Vir_eejUzc4HeL.zip\You-Are-An-Idiot-Vir_eejUzc4HeL.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_You-Are-An-Idiot-Vir_eejUzc4HeL.zip\You-Are-An-Idiot-Vir_eejUzc4HeL.exe"

    [2] You-Are-An-Idiot-Vir_eejUzc4HeL.tmp (PID 4732)
        Path: C:\Users\Admin\AppData\Local\Temp\is-U08N0.tmp\You-Are-An-Idiot-Vir_eejUzc4HeL.tmp
        Command line: "C:\Users\Admin\AppData\Local\Temp\is-U08N0.tmp\You-Are-An-Idiot-Vir_eejUzc4HeL.tmp" /SL5="$140042,6132253,56832,C:\Users\Admin\AppData\Local\Temp\Temp1_You-Are-An-Idiot-Vir_eejUzc4HeL.zip\You-Are-An-Idiot-Vir_eejUzc4HeL.exe"
        Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow

        [3] schtasks.exe (PID 4716)
            Path: C:\Windows\SysWOW64\schtasks.exe
            Command line: "C:\Windows\system32\schtasks.exe" /Delete /F /TN "Audio_Converter_583"

        [3] audioconverter32.exe (PID 4452)
            Path: C:\Users\Admin\AppData\Local\Freemake Audio Converter\audioconverter32.exe
            Command line: "C:\Users\Admin\AppData\Local\Freemake Audio Converter\audioconverter32.exe" ddb078644de721dfdcbf94210a2b81f4
            Signatures: Executes dropped EXE; Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 4.0MB
  MD5:    ed8cf4561da45a6d030daae00a3a1457
  SHA1:   8c955ac2d8f13a1c825a4339e717c9cd8d649935
  SHA256: df1a43b48c563eadf9b52651f82e2cce7eb3b69146897cdb4914d8e9040361e4
  SHA512: acc90d5ffd8b572ca9e3be12d304923f8f4c43f8b3eb9caaf663d1e05bdf874585e6f0d8694a23828d4670cd06e89b4a01da4f9e8c7cf0eaebc30caf6efdd208

Filesize: 152B
  MD5:    a8e767fd33edd97d306efb6905f93252
  SHA1:   a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
  MD5:    439b5e04ca18c7fb02cf406e6eb24167
  SHA1:   e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 960B
  MD5:    91b6f107227ae832e794981d1627c039
  SHA1:   026dfc17c7d197d30ec921931922ecb133cd95a2
  SHA256: 90cad1d86ecb90a8b5d9f8aae650982ef75604886edf45b3ff2ba8bcc7970b67
  SHA512: 6e4dc6a2dea9dda6f3f4173d9c57dd9c53877d91e212572c8bddb1d80a2b55847f304539278096b719435e5e86aafc51d6b7c1c7442267d306eecea75e4a93f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
  MD5:    4422e67b97106796a9c25de03e5fa270
  SHA1:   1f0341d084e0867e9345f06af4931a99bc7a091e
  SHA256: da78943299a66376f5a3fc0515545ba8a3eceefc378ef62ad98489298ca8627f
  SHA512: aad78fbcfa221930db867c427c76293c5508f55d08d549f72bebd04089c01bc1fdf5015edb4a5468eed67cc90027b4f7d07563eb996a0fa743901971481a65b0

Filesize: 3KB
  MD5:    fa099196bad1bc42a3ef417052ec8d4b
  SHA1:   d41c7f3a2090fd14010bc7032a84c2ce4c4364a4
  SHA256: 7f2cd2c04a8ecd2c7e7395b56f46d529c56d657486de7900822d786514db0ded
  SHA512: a9ce59aec4401e7a6dc467121a3cf9425edaa3c586f687f644ea6d366ed9a9b1fce8f1f9023a32c47da446aca9ab985105f21192f5b7dc71bffcd7bc8036c926

Filesize: 1KB
  MD5:    46de8c2b0b1813cd50612878cc7e0a3e
  SHA1:   d331b3eca4becdd14fa1ed7d68d9e07a3c14ac65
  SHA256: 78cc02a16bbcfae5304074b92a1e992820b375c6c9c20bb181dcdaebc7609457
  SHA512: 1500b5ddf23fd1385281b37313e7e7a116bb46fe87337bc8c93ab15f8217cce4cc02928829ec2d01a724ca930af8673d696633ca7eabe73549d0d8236b5d2f40

Filesize: 3KB
  MD5:    43f90836b0dd6176ba5f167ab8a39e8e
  SHA1:   6459390cea2df31fdf2f65be5b796ebb58ffa919
  SHA256: 644dcf2d5837d6031c63c0ca59ea3457b9a488be77a2b9c0a0896e35249102de
  SHA512: 98928ea9c6993f2dab268fc60c63f8bf5b524c453abbf3005d8a0abd08ea246487f2a336d0d50a70a8f79eaf27a752e6ee9b3b8f9a1fc38ae91f6cb877eccac5

Filesize: 6KB
  MD5:    8903586a397d7c327dabc4678c3b8f9e
  SHA1:   d19ffeacd06005f1e5bd0cdb3b148029ccb561e4
  SHA256: f1652276d9a7dff0a87fb225dc15cc3fde2af2325875bfdb463255fc53e0ac1f
  SHA512: 032058b32343e338c83149aa420c36c168afd60f3b6ae729b9d9b5d74cde5e40c0f8b5c33dfb07ff8bbf0aa1dd1648308d87ccf190bf8423fc84c440b215a222

Filesize: 6KB
  MD5:    7e4490458da3ff31bb0ec84a0055303f
  SHA1:   e1d1cc65bd33ceae22208e1de24f3c22849575d5
  SHA256: ebcbcfec88fbb28635835901ba13bb6c00f1ff9631da5c1603240cd275d0b63c
  SHA512: 6d8b34fd1fa3dbde00f8ebbefd0f4a93a2b68de6373e2125559b6ee7ac3b2afdf8a816ad420bc776dae06ee034b685d6905533c4e8c36968d94a5ac493dee87f

Filesize: 6KB
  MD5:    5656fac9e01d8e24b0b343ee81641895
  SHA1:   06b6d7ba87d06a39cfce350c4d3a8612d5f75330
  SHA256: fff45129943eadc66938fc60665b37d3cbd1239595c35855862b933c6fd4eade
  SHA512: 6112e40e68b50634bb87ae859a9f2bc0dd5d1e8377f3085c55ba485178bfd17eb29ef460268e8271baa62bbc3bbf5fd1c724488ac12ec2afb2cbbaaa7ec8ef62

Filesize: 7KB
  MD5:    0cf3c5599e6adf582dc264f5396e45b8
  SHA1:   e568286da2631aa06209a1a2f21444cf25f3269f
  SHA256: 0d0403e384607d4354a048c8a679809039b262ce6bf9163baba551eb9e7ece08
  SHA512: c29fb86e0c0765a4ad415a376ee806b9eeea34541e77524d639417e9fef70a0e1b4ea5c9b25d0f949c5c26a855a717e02a03e7f79f3cf90f63bbd56ffe7d2c06

Filesize: 7KB
  MD5:    053be2e940c79a01f23316af229affbe
  SHA1:   9969af955f5f35be77d5e0dc4560d8927a2ff492
  SHA256: 3c89d1c33e4955c502844ff1e8ae62c8eff9fa1f877813859f64f1b3061dec90
  SHA512: ea732e177db0cb073153e586c5242c116685fbcf5bc35eb5ceb407d0c0998654589711a1acb8706ee211b489c2c0137fb47fd1d8fe4cf61de2ee105e623c82d0

Filesize: 8KB
  MD5:    397d894639a6b81f3de0994307a5d103
  SHA1:   24b194def50a54f0fa46d9791de6ae1f00946cd0
  SHA256: cc44d57f37eba53b6a9dd0fb928b3359ea79072f9cb2f453e3a9f98c158db19f
  SHA512: 0b897dd072e146df3e6f2677136f1329d79d89576af87641063f06e886001d78c190f1da8e49f9e7ae27b2c657e8483ef293fc18ad4200418cd744fee146ac94

Filesize: 204B
  MD5:    823a5c9d051b0da78bf61a051d0ee339
  SHA1:   8f974f5dbb60172bd68515bdb5cdc2603a9b00f1
  SHA256: 50ca46e10509a8d8754618bc021923040c2eccf765443007a739a739c05bead4
  SHA512: b2422916ce30e3df6097af43dd73aa6f88d5e36ae954bb1695596caa5e92c6573c29b075bc48d81d657e0f344b295751f7d681500c20e7c60b49805df4839549

Filesize: 204B
  MD5:    170eef4c39282856ad57f12bceb28004
  SHA1:   5b77db5739fd02b9f91d884ab92b867eb6ee474a
  SHA256: e5354235f347db8d5dedceb8c7f0b25b46e1050424cb7d63b0b40c8c8c2f073b
  SHA512: 60da627a50226cdb53996cf1c3e4f8296c134facbb80d317e3a773aca941248044ef26c7673c716944583b11cf0e407c3b09e8c25d48b4bc57c6bc925a63073b

Filesize: 1KB
  MD5:    b03dcbe965bd0f85c16c7c78556f9306
  SHA1:   c65609c3f8627c1c6ef27e4d60820092e539dd61
  SHA256: 9326dc185117813dfd6faeb2f5ac29a69a02c08a4c5ba2c08ed7aad287302cbf
  SHA512: c359bd4039e99284a252b0e5b0f08b504b7afe746439bf5306d81083ecc08715fb64f60cd2997b5de2e6b07336f8e91976b10b5d2254a0d86e37365512984ff8

Filesize: 1KB
  MD5:    473d8989e315453bac125e936b17e322
  SHA1:   8502d129cd428edb85ce9a8558e866ad863c1cc4
  SHA256: 13b03e3c8da83ee56e485d9bab0e05b131053a44c2c383121d78276650ed7926
  SHA512: 3e75777b0fc711fed563058ffe09c12d34ae13eec17326a4091a153071d53294343b851c0e8e3aca6f44da0cff5b695b62e08b282989d5981bd5d4fe6b1ca49c

Filesize: 204B
  MD5:    6a88b57a9e9701e52134efd3419e1bbe
  SHA1:   755d6c639b17825909ebf83dcc582a8c70eb061b
  SHA256: 6739c681bc63bb8474e764b81e4af1f40510c1e75da663eb048b3b89a2f2de3f
  SHA512: 3b19dfc83c7cacc1459039cbfe31c85641f12232180a5ae102a0f5bc6e54f3cc8de384515b022919eb8e2ed4efd322882c16c8fe2576c5c092fb0bd573a93bb3

Filesize: 200B
  MD5:    5c8e66c469fd4257101e50cec51dce54
  SHA1:   5f971d3bb40e1d939883cfb5b6cccf6e15b0f04c
  SHA256: 619b0b3b02013014e095264d7fe632e186ea0edfa5bb0f29f0b500f28f596027
  SHA512: 625813e1f035bbaa3e1b1063978c8e75ae41e1a9e7e5e073be2d0d4efed19ffcb3e99e436c46285b758ae3ae09577cc9008a292296e6a951010d0a6195e25643

Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
  MD5:    0924ad9f1ecf25578540c43452a222f1
  SHA1:   44fdacf1595070bc302b757964f1a3f91523c2e5
  SHA256: 22b4b32c63a123d42ead2d9e9b1a764bb59a4e2af789bfaf0e74116ce1fa92ff
  SHA512: 6f32ee89e853ea8fd0956233b8f0ca70da668e73eaa7e6a65cee48a8ed41131b88bfc5b10486ec7b122dda3d6d448b498aacb314ff2088b26ba362eb26d23a3c

Filesize: 12KB
  MD5:    c58278bc89905562efc06e4da21468da
  SHA1:   a0802a318f918f495f02afd8e1b465789cc9a51d
  SHA256: 10497efc3aeba60159bd637cb5ed2d110760e4e131ca94bda7c90140d2c17c85
  SHA512: bf3e62c86283b6b5163f9b96325b8dfe2ded7debb77c23391b86aa3b433196502ac908cbac3817bcd1096ca6842cbd9aa84e0744768cabed180ba3b6fb0ce96d

Filesize: 2KB
  MD5:    a69559718ab506675e907fe49deb71e9
  SHA1:   bc8f404ffdb1960b50c12ff9413c893b56f2e36f
  SHA256: 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
  SHA512: e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Filesize: 19KB
  MD5:    3adaa386b671c2df3bae5b39dc093008
  SHA1:   067cf95fbdb922d81db58432c46930f86d23dded
  SHA256: 71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38
  SHA512: bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Filesize: 692KB
  MD5:    3c7589a615c450e30598ee5e8c34497e
  SHA1:   d29e9529cefad747f2ad41bac196fa44c1168236
  SHA256: c37d59ce5c1258669006f50060c7243204f3a879b5d20c248eacf1c096e832aa
  SHA512: af7cfabec9229b7d21f33e78305e9d6b351080fb3b03e0e2b22053f23d6b37e48480e149552a20744840274e91e1a8c5aacbbea0c46daf0b0a9c9844df90f73e

Filesize: 6.1MB
  MD5:    6e053cf9873cfb069a39cc217b86d456
  SHA1:   32c4896ebce68274cc4f25f9c3dfe8436fcf5239
  SHA256: 40c66b10b480cbb320a2ae466141472674ad19c4e5aea87ac9079cf212efddea
  SHA512: 611c7d0d47a44f1dbbd0aa64f1996e5a8b40805d86cb5c4cb223d7e6c7fd04b80e8235beb867e2a2d4cfef9372e6095ad9ba04770a50f04446fb3cf8050d3f5f