Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 12/06/2024, 23:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://silentnight-email.co.uk/c/AQiZ5AcQj-6XARisj42JAiCbw74dly62I8f2O85IxbivSypgzJKgvMQUNvu6atPXrSzdYPc
Resource: win10v2004-20240508-en
General
Target: https://silentnight-email.co.uk/c/AQiZ5AcQj-6XARisj42JAiCbw74dly62I8f2O85IxbivSypgzJKgvMQUNvu6atPXrSzdYPc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (12 IoCs)
- pid 4788 msedge.exe (2 entries)
- pid 4440 msedge.exe (2 entries)
- pid 1724 identity_helper.exe (2 entries)
- pid 5644 sdiagnhost.exe (2 entries)
- pid 2652 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (19 IoCs)
- pid 4440 msedge.exe (19 entries)

Suspicious use of AdjustPrivilegeToken (1 IoC)
- Token: SeDebugPrivilege, pid 5644 sdiagnhost.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
- pid 4440 msedge.exe (25 entries)
- pid 2504 msdt.exe (1 entry)

Suspicious use of SendNotifyMessage (24 IoCs)
- pid 4440 msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Every entry is a write by pid 4440 (msedge.exe) into one of its child processes (procid_target):
- PID 4440 wrote to memory of 4752 (procid_target 81), 2 entries
- PID 4440 wrote to memory of 2056 (procid_target 82), repeated entries
- PID 4440 wrote to memory of 4788 (procid_target 83), 2 entries
- PID 4440 wrote to memory of 3536 (procid_target 84), repeated entries
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://silentnight-email.co.uk/c/AQiZ5AcQj-6XARisj42JAiCbw74dly62I8f2O85IxbivSypgzJKgvMQUNvu6atPXrSzdYPc (PID 4440)
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718 (PID 4752)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2 (PID 2056)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3 (PID 4788)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8 (PID 3536)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1 (PID 4596)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1 (PID 928)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8 (PID 908)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8 (PID 1724)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1 (PID 4940)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1 (PID 1548)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1 (PID 4608)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1 (PID 32)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1 (PID 872)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1 (PID 1012)
  - C:\Windows\system32\msdt.exe -modal "197140" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF7C06.tmp" -ep "NetworkDiagnosticsWeb" (PID 2504)
    Signatures: Suspicious use of FindShellTrayWindow
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1 (PID 6132)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1 (PID 4712)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1 (PID 448)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1 (PID 5516)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1 (PID 5188)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1 (PID 4332)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1 (PID 4976)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1 (PID 5704)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1 (PID 656)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1 (PID 5152)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3984 /prefetch:2 (PID 2652)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2692988082044474623,3870820688298792867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1 (PID 4596)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4892)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 3016)
- C:\Windows\System32\sdiagnhost.exe -Embedding (PID 5644)
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
  - "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter (PID 5808)
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061223.000\NetworkDiagnostics.debugreport.xml (Filesize 69KB)