Analysis
- max time kernel: 79s
- max time network: 76s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-05-2024 20:24
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted
lumma
Signatures
Suspicious use of SetThreadContext (5 IoCs)
Processes: Insomnia.exe (5 instances)

| description | pid | process | target process |
|---|---|---|---|
| PID 4236 set thread context of 5556 | 4236 | Insomnia.exe | RegAsm.exe |
| PID 4860 set thread context of 1868 | 4860 | Insomnia.exe | RegAsm.exe |
| PID 6060 set thread context of 6128 | 6060 | Insomnia.exe | RegAsm.exe |
| PID 4000 set thread context of 4364 | 4000 | Insomnia.exe | RegAsm.exe |
| PID 3792 set thread context of 5192 | 3792 | Insomnia.exe | RegAsm.exe |
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe

| description | ioc | process |
|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
Modifies registry class (1 IoC)
Processes: msedge.exe

| description | ioc | process |
|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | msedge.exe |
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, identity_helper.exe

| pid | process |
|---|---|
| 1664 | msedge.exe |
| 1664 | msedge.exe |
| 1788 | msedge.exe |
| 1788 | msedge.exe |
| 2948 | identity_helper.exe |
| 2948 | identity_helper.exe |
| 5168 | msedge.exe |
| 5168 | msedge.exe |
| 5700 | msedge.exe |
| 5700 | msedge.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
Processes: msedge.exe (PID 1788); all 15 rows are pid 1788, process msedge.exe.
Suspicious use of FindShellTrayWindow (41 IoCs)
Processes: msedge.exe (PID 1788); all 41 rows are pid 1788, process msedge.exe.
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe (PID 1788); all 24 rows are pid 1788, process msedge.exe.
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
All 64 rows have the form "PID 1788 wrote to memory of <target PID>" with process msedge.exe and target process msedge.exe; the target PIDs, in the order listed, are 3260, 1912, 1664 and 3880, each repeated over consecutive rows.
Processes
- msedge.exe (PID 1788): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://insomniahack.fun
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3260): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99cac46f8,0x7ff99cac4708,0x7ff99cac4718
  - msedge.exe (PID 1912): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  - msedge.exe (PID 1664): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3880): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  - msedge.exe (PID 3808): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - msedge.exe (PID 536): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - msedge.exe (PID 2596): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  - msedge.exe (PID 3836): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - msedge.exe (PID 4564): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  - identity_helper.exe (PID 3972): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  - identity_helper.exe (PID 2948): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4856): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  - msedge.exe (PID 2716): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - msedge.exe (PID 5148): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3472 /prefetch:8
  - msedge.exe (PID 5156): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  - msedge.exe (PID 5168): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 5560): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  - msedge.exe (PID 5688): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  - msedge.exe (PID 5700): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 5864): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  - msedge.exe (PID 3180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  - msedge.exe (PID 4248): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  - msedge.exe (PID 5748): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  - msedge.exe (PID 5760): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17705358012096272508,14723259114655169037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
- CompPkgSrv.exe (PID 2380): C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3636): C:\Windows\System32\CompPkgSrv.exe -Embedding
- rundll32.exe (PID 6004): C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- Insomnia.exe (PID 4236): "C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\Insomnia.exe"
  Signatures: Suspicious use of SetThreadContext
  - RegAsm.exe (PID 5556): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
- Insomnia.exe (PID 4860): "C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\Insomnia.exe"
  Signatures: Suspicious use of SetThreadContext
  - RegAsm.exe (PID 6004): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  - RegAsm.exe (PID 2140): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  - RegAsm.exe (PID 1868): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
- Insomnia.exe (PID 6060): "C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\Insomnia.exe"
  Signatures: Suspicious use of SetThreadContext
  - RegAsm.exe (PID 6128): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
- Insomnia.exe (PID 4000): "C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\Insomnia.exe"
  Signatures: Suspicious use of SetThreadContext
  - RegAsm.exe (PID 4364): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
- NOTEPAD.EXE (PID 3960): "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\HowToUse.txt
- Insomnia.exe (PID 3792): "C:\Users\Admin\Downloads\Insomnia (1)\Insomnia\Insomnia.exe"
  Signatures: Suspicious use of SetThreadContext
  - RegAsm.exe (PID 5192): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
- cmd.exe (PID 5292): "C:\Windows\System32\cmd.exe"
  - Insomnia.exe (PID 5572): Insomnia.exe
Network
MITRE ATT&CK Enterprise v15
Downloads