Analysis

  • max time kernel
    113s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-05-2024 16:33

General

  • Target

    https://www.mediafire.com/file/n57a5ttkc2zh52c/AxoPac.rar/file

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill entries.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 1 IoCs

    Raised on AxoPac.exe (PID 4252), which also triggers WriteProcessMemory and spawns RegAsm.exe with no arguments; that sequence is consistent with process hollowing of a signed .NET host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments. In this run the signature is attributed to taskmgr.exe (PID 2804), not to the dropped executable, so on its own it is weak evidence of evasion by the sample.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/n57a5ttkc2zh52c/AxoPac.rar/file
    1⤵
    PID:2900
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3808,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:1
    1⤵
    PID:408
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4568,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:1
    1⤵
    PID:5060
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4760,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:1
    1⤵
    PID:4056
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5380,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
    1⤵
    PID:4492
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5388,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
    1⤵
    PID:3188
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5920,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1
    1⤵
    PID:3744
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5924,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
    1⤵
    PID:4632
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=6152,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
    1⤵
    PID:636
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=6260,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
    1⤵
    PID:4640
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5076,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:1
    1⤵
    PID:2728
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6744,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:1
    1⤵
    PID:1516
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6916,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:1
    1⤵
    PID:4384
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6920,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1
    1⤵
    PID:3916
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=7092,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:1
    1⤵
    PID:5184
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=7684,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:8
    1⤵
    PID:5260
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7580,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7756 /prefetch:1
    1⤵
    PID:5268
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=7584,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8044 /prefetch:1
    1⤵
    PID:5460
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=8052,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8312 /prefetch:1
    1⤵
    PID:5524
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=8088,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8504 /prefetch:1
    1⤵
    PID:5532
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=8368,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8640 /prefetch:1
    1⤵
    PID:5540
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=8816,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8848 /prefetch:1
    1⤵
    PID:5652
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=760,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1
    1⤵
    PID:5664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=9112,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8624 /prefetch:1
    1⤵
    PID:5772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=9228,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9232 /prefetch:1
    1⤵
    PID:5780
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=9524,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9416 /prefetch:1
    1⤵
    PID:5888
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=9436,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9448 /prefetch:1
    1⤵
    PID:5896
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8340,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9708 /prefetch:1
    1⤵
    PID:5908
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=9964,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9948 /prefetch:1
    1⤵
    PID:6112
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=7240,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9384 /prefetch:1
    1⤵
    PID:6328
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=10024,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7380 /prefetch:1
    1⤵
    PID:6484
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7504,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=8248 /prefetch:1
    1⤵
    PID:6496
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=6948,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:1
    1⤵
    PID:6560
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=7928,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7940 /prefetch:1
    1⤵
    PID:6616
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8208,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
    1⤵
    PID:6624
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=10152,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=9864 /prefetch:1
    1⤵
    PID:6768
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=9184,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:1
    1⤵
    PID:6776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=7728,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=10204 /prefetch:1
    1⤵
    PID:6892
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=7744,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=10380 /prefetch:8
    1⤵
    PID:5480
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5628,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:8
    1⤵
    PID:5860
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10512,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
    1⤵
    PID:6360
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5248
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AxoPac.rar"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:6064
  • C:\Users\Admin\Desktop\AxoPac.exe
    "C:\Users\Admin\Desktop\AxoPac.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5408
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2804
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4332

Network

MITRE ATT&CK Enterprise v15

Downloads

  Memory dump                                                         Filesize
  • memory/2804-22-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-26-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-28-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-29-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-30-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-31-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-32-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-27-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-20-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/2804-21-0x0000020DF6280000-0x0000020DF6281000-memory.dmp   4KB
  • memory/4252-6-0x00000000009D0000-0x00000000009D1000-memory.dmp    4KB
  • memory/4252-4-0x00000000009D0000-0x00000000009D1000-memory.dmp    4KB
  • memory/5408-10-0x0000000006DC0000-0x00000000073D8000-memory.dmp   6.1MB
  • memory/5408-13-0x00000000068C0000-0x00000000068FC000-memory.dmp   240KB
  • memory/5408-18-0x0000000008B70000-0x0000000008D32000-memory.dmp   1.8MB
  • memory/5408-19-0x0000000009270000-0x000000000979C000-memory.dmp   5.2MB
  • memory/5408-16-0x0000000007560000-0x00000000075D6000-memory.dmp   472KB
  • memory/5408-15-0x0000000006BC0000-0x0000000006C26000-memory.dmp   408KB
  • memory/5408-14-0x0000000006A40000-0x0000000006A8C000-memory.dmp   304KB
  • memory/5408-17-0x00000000074E0000-0x00000000074FE000-memory.dmp   120KB
  • memory/5408-12-0x0000000006860000-0x0000000006872000-memory.dmp   72KB
  • memory/5408-11-0x0000000006930000-0x0000000006A3A000-memory.dmp   1.0MB
  • memory/5408-9-0x0000000005950000-0x000000000595A000-memory.dmp    40KB
  • memory/5408-8-0x00000000057A0000-0x0000000005832000-memory.dmp    584KB
  • memory/5408-7-0x0000000005C60000-0x0000000006204000-memory.dmp    5.6MB
  • memory/5408-5-0x0000000000400000-0x000000000044A000-memory.dmp    296KB