Analysis

max time kernel: 262s
max time network: 267s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-05-2024 22:16
Static task: static1
URLScan task: urlscan1
General
Malware Config
Extracted
lumma
https://corruptioncrackywosp.shop/api
https://museumtespaceorsp.shop/api
https://buttockdecarderwiso.shop/api
https://averageaattractiionsl.shop/api
https://femininiespywageg.shop/api
https://employhabragaomlsp.shop/api
https://stalfbaclcalorieeis.shop/api
https://civilianurinedtsraov.shop/api
https://roomabolishsnifftwk.shop/api
Signatures

Executes dropped EXE (4 IoCs)
Processes:
  pid   process
  3152  Setup_v1.7.3.exe
  3764  Setup_v1.7.3.exe
  3692  Setup_v1.7.3.exe
  4908  Setup_v1.7.3.exe

Loads dropped DLL (4 IoCs)
Processes:
  pid   process
  3152  Setup_v1.7.3.exe
  3764  Setup_v1.7.3.exe
  3692  Setup_v1.7.3.exe
  4908  Setup_v1.7.3.exe

Suspicious use of SetThreadContext (4 IoCs)
Processes:
  description                          pid   process           target process
  PID 3152 set thread context of 3448  3152  Setup_v1.7.3.exe  MsBuild.exe
  PID 3764 set thread context of 3376  3764  Setup_v1.7.3.exe  MsBuild.exe
  PID 3692 set thread context of 3264  3692  Setup_v1.7.3.exe  MsBuild.exe
  PID 4908 set thread context of 4544  4908  Setup_v1.7.3.exe  MsBuild.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes:
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      msedge.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611490521234591"  msedge.exe

Modifies registry class (1 IoC)
Processes:
  description  ioc                                                                                                                                                                                                            process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{0BFFEA11-6BF9-4D51-97AA-6D013B045F26}  msedge.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   process
  1840  msedge.exe
  1840  msedge.exe
  5240  msedge.exe
  5240  msedge.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
  pid   process
  4924  7zFM.exe

Suspicious use of AdjustPrivilegeToken (8 IoCs)
Processes:
  description                 pid   process
  Token: SeRestorePrivilege   4924  7zFM.exe
  Token: 35                   4924  7zFM.exe
  Token: SeRestorePrivilege   5492  7zG.exe
  Token: 35                   5492  7zG.exe
  Token: SeRestorePrivilege   5940  7zG.exe
  Token: 35                   5940  7zG.exe
  Token: SeSecurityPrivilege  5940  7zG.exe
  Token: SeSecurityPrivilege  5940  7zG.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
Processes:
  pid   process
  4924  7zFM.exe
  5940  7zG.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (identical rows collapsed; the count column gives how many times each row appears, 64 in total):
  description                       pid   process     target process  count
  PID 1840 wrote to memory of 232   1840  msedge.exe  msedge.exe      2
  PID 1840 wrote to memory of 324   1840  msedge.exe  msedge.exe      51
  PID 1840 wrote to memory of 3472  1840  msedge.exe  msedge.exe      2
  PID 1840 wrote to memory of 2028  1840  msedge.exe  msedge.exe      9
Processes

Each entry gives the PID and the full command line; child processes are indented under their parent, and the signatures triggered by a process are listed beneath it.

- PID 4648  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/blowcrazynofex25/blowcrazynofex25/releases/download/latest/Git_softwares_v1_7_3.7z
- PID 1296  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4112,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:1
- PID 4228  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4028,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:1
- PID 3208  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
- PID 2684  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
- PID 1504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=5996,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
- PID 964   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5764,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:1
- PID 1992  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
- PID 324   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6684,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
- PID 1840  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID 232   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x2b0,0x7fffde21ceb8,0x7fffde21cec4,0x7fffde21ced0
  - PID 324   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2376,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:2
  - PID 3472  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:3
  - PID 2028  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2364,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:8
  - PID 4900  "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
  - PID 1768  "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
  - PID 5544  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=560,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
  - PID 5556  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:8
  - PID 5664  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3504,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8
  - PID 5240  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4816,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 5244  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4280,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:8
- PID 3732  "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
- PID 4924  "C:\Program Files\7-Zip\7zFM.exe"
  Signatures:
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  Child processes:
  - PID 5492  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap4347:16:7zEvent21689 -ad -saa -- "C:\C_"
    Signatures:
    - Suspicious use of AdjustPrivilegeToken
- PID 5772  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 5940  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\" -ad -an -ai#7zMap18623:100:7zEvent1663
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- PID 3152  "C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
  Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  Child processes:
  - PID 3448  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
- PID 3764  "C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
  Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  Child processes:
  - PID 1732  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  - PID 3376  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
- PID 3692  "C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
  Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  Child processes:
  - PID 3380  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  - PID 3264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
- PID 4908  "C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
  Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  Child processes:
  - PID 1296  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  - PID 4544  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 608B
  MD5: 31f411b47f298b2609b21b4d71079504
  SHA1: bb5f1d6ad0debcb5c5c1a07ca10fd20525244b7f
  SHA256: 10615b0398a81a380c0503e04c052a43687a79206b37aa468e45cf453cd31296
  SHA512: 8f5a601316ceecc23cb46e2b3b05bbe7ed3242d586316f69c13af593b1988ad44a47c761e016466aafa0ab69ef29377f92ec04440e50fa9ccd50b2f5aa933052

- Filesize: 280B
  MD5: bb7a8ffed4852a1f4ab7942b4372e054
  SHA1: 18731b92df7c9bb88d525fb5a1dfaa5d4ae8c340
  SHA256: 02a6faa9e0ef6f2f09a756fb0d660817b1efa46c2ad8d0c735f213912a5948a5
  SHA512: 2f461935443eeaf9728573f3bb033e6a0aeeb76300d8756cffef8e1a573c7741da2f81fe4bde8d0825d77bdff8d338d027bf75ef7578f043991973f17b8d3f10

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

- Filesize: 1KB
  MD5: ddf4fb4d6709f2bf5ad31ee0135fcb44
  SHA1: bd0f2dadaaa841849be7b67b85efd4bce0527d77
  SHA256: 688096bd932e488805cccf71f3271f6d2c5067a4507ee46ed8f063bf551dd917
  SHA512: 0335372c0ded3cbe5f546ec76af1d3f7d1ad6ce0343d5092af6266966fe8c7b414f93bcc02a8319c0fdeb5f8e6fc0b36a377625203b74f17baf91ebb0c8de7e8

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 40B
  MD5: 20d4b8fa017a12a108c87f540836e250
  SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

- Filesize: 10KB
  MD5: 5784950e07601d09e4a33e2b1fedbeec
  SHA1: 974267088da1f56b3a0ecb50ba9d3d3b9bb601e9
  SHA256: 8cc072c32d736af32f31b64a305667515ab0deda4e45ba711c3b478d761db728
  SHA512: 6af41ab57c45e0506afbe3de796eb0e2bb1ff9cdbea7507d771ff906f66253d90846a29be75f022d38cb5043732be7f8f4a0d64e606887fe244e46f04233021a

- Filesize: 30KB
  MD5: 259b9369be72de852cb0c2134ef66967
  SHA1: 0467b260624e0ffe4a14ad65538effd7ca68c10d
  SHA256: c9bf6473746fa5655f53f0c76e5bf8f2b9d95d22fba95603673c3c7cf65e7d6e
  SHA512: 6ed321582d95b0890a13eb5996232f0c1c702dc8def6a8ffe62f7b627ccf15a7d93c8cacaa5e9c14b5e8f9c9ce404ab313c8ee1ebfcf6a99fdd576b5942f8b82

- Filesize: 52KB
  MD5: 13d546b81488e85a2b460cbcc40bbdbe
  SHA1: ed8d23568e8385888b2da522d731fb64fa2164da
  SHA256: a68cf875ef437a6be081fb0332c24a5ed2a3124566faacc5f7197e8f6300abc4
  SHA512: 44aaa92cf8be62f88ac308fa00a744a60b68ec31a21784953f33cf5da613129cf11e160ab754d178d46a05fc850d5f936962c710aea0d68cfa60811232bdbf7c

- Filesize: 52KB
  MD5: afc3d858b749b638a99f195b2670fc4d
  SHA1: 1fa599fefc045e180b4c02149ddb53ecbcdef8d2
  SHA256: 9b003f3efe6c46ddc5437697c0f9ac890f5c79352137f229e166af796a5dbd84
  SHA512: a7db801c847f615a42929b5d9a1202b323dba37b44195eacb65bd27f059791980f14140210ed5c0373cf3eac42c680ea90e5e21b356e299116d331f75c3d1098

- C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
  Filesize: 2KB
  MD5: 0a315a33bc5bc7b25df7bfbeed825f9f
  SHA1: 2da9007a9fd976ccda61af32b650b853eac5711b
  SHA256: 0e342e9ab2171ab1b55f2febfc373488a3c40c28e00f898336a7f89f8b210349
  SHA512: 7d51206e71ab50e1eb38954e97a0e7218515766f1165b9b340443284ce96f53b8ceda8a4bd40840702577ead6017214fe4ec9924af974db1be96f713a46c62ae

- Filesize: 742KB
  MD5: 544cd51a596619b78e9b54b70088307d
  SHA1: 4769ddd2dbc1dc44b758964ed0bd231b85880b65
  SHA256: dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
  SHA512: f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719

- Filesize: 23KB
  MD5: 5e54cb9759d1a9416f51ac1e759bbccf
  SHA1: 1a033a7aae7c294967b1baba0b1e6673d4eeefc6
  SHA256: f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
  SHA512: 32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664

- Filesize: 5.6MB
  MD5: 72464ca47667df3dccdc606efec46c33
  SHA1: 889a5e09e67518edbc60f494b326f077dfa42cb4
  SHA256: 81a6a19974fb4f83ea650091e460b0aba2495df12466c91f479948c949472b2b
  SHA512: 0984a3a05471cc030a6ad1bc27a7a3c2ca9c49463037d1eb1db8c2ecf26109ae3be0b978fb9cfeafb91884d5586187bf6df266d287982fdc008e1084cd91d0e7

- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e