Analysis

max time kernel: 149s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 02:18

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&
  Resource: win10v2004-20240611-en

General

Target: https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&
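The target is one of the signed, expiring attachment links Discord introduced at the end of 2023: `ex` and `is` are hex-encoded Unix timestamps (expiry and issue time, UTC) and `hm` is Discord's signature over the link. Decoding them, and the snowflake ids in the path, dates the upload independently of the sandbox clock. The script below is an added example, not part of the report; it parses the URL shown above and, as a labelled assumption, treats the report's "submitted" time as UTC when comparing the two.

```python
"""Decode the signed-link parameters of a Discord CDN attachment URL.

Query parameters on cdn.discordapp.com attachment links:
  ex  link expiry time, hex-encoded Unix timestamp (seconds, UTC)
  is  link issue time,  hex-encoded Unix timestamp (seconds, UTC)
  hm  Discord's signature over the link; opaque, only its presence is checked
Path segments are attachments/<channel_id>/<attachment_id>/<filename>, and both
ids are snowflakes whose upper bits carry a creation timestamp.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# URL copied from the report above (long expired by now).
REPORT_URL = (
    "https://cdn.discordapp.com/attachments/1241701744862564424/"
    "1250632024067149844/folder.rar?ex=666ba556&is=666a53d6"
    "&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&"
)
# Assumption for the comparison only: the report's "submitted" clock is UTC.
REPORT_SUBMITTED = datetime(2024, 6, 13, 2, 18, tzinfo=timezone.utc)

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, start of Discord's snowflake epoch


def discord_snowflake_time(snowflake: str) -> datetime:
    """Creation time encoded in a Discord snowflake id (bits 22+ are ms since the epoch)."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def decode_discord_cdn_url(url: str) -> dict:
    """Return ids, filename, issue/expiry times and validity window of a signed CDN link."""
    parts = urlsplit(url)
    if parts.netloc not in ("cdn.discordapp.com", "media.discordapp.net"):
        raise ValueError(f"not a Discord CDN host: {parts.netloc}")
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) != 4 or segs[0] != "attachments":
        raise ValueError(f"unexpected attachment path: {parts.path}")
    qs = parse_qs(parts.query)  # the trailing '&' yields no entry
    missing = [k for k in ("ex", "is", "hm") if k not in qs]
    if missing:
        raise ValueError(f"unsigned or malformed link, missing {missing}")
    issued = datetime.fromtimestamp(int(qs["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(qs["ex"][0], 16), tz=timezone.utc)
    return {
        "channel_id": segs[1],
        "attachment_id": segs[2],
        "filename": segs[3],
        "channel_created": discord_snowflake_time(segs[1]),
        "attachment_created": discord_snowflake_time(segs[2]),
        "issued": issued,
        "expires": expires,
        "valid_seconds": int((expires - issued).total_seconds()),
        "signature": qs["hm"][0],
    }


def seconds_before_submission(url: str, submitted: datetime = REPORT_SUBMITTED) -> int:
    """How long before the sandbox submission the link was issued (negative if after)."""
    return int((submitted - decode_discord_cdn_url(url)["issued"]).total_seconds())


if __name__ == "__main__":
    info = decode_discord_cdn_url(REPORT_URL)
    for key, value in info.items():
        print(f"{key:>20}: {value}")
    print(f"issued {seconds_before_submission(REPORT_URL)} s before submission")
```

For this link the issue time and the attachment snowflake agree to the second (the link was minted when the file was uploaded), the validity window is exactly 24 hours, and the upload precedes the report's submission time by about 13 minutes.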
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 113: raw.githubusercontent.com
  flow 114: raw.githubusercontent.com
  (The report does not attribute these flows to a process; the signature keys on the destination alone.)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  (These BIOS values are a common VM/sandbox fingerprint, but here the reader is the browser, not the downloaded sample.)

Modifies registry class (2 IoCs)
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{54BFB88C-263E-40B1-8890-E7F7D41C0FE6}  msedge.exe
  Key created  \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings  msedge.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  PID 3100 msedge.exe (x2), PID 4892 msedge.exe (x2), PID 4608 identity_helper.exe (x2), PID 3892 msedge.exe (x2), PID 3592 msedge.exe (x4), PID 2872 msedge.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (16 IoCs)
  PID 4892 msedge.exe (x16)
  (Child processes created with the block-non-Microsoft-binaries mitigation policy; Chromium-based browsers do this for their own sandboxed children.)

Suspicious use of FindShellTrayWindow (35 IoCs)
  PID 4892 msedge.exe (x35)

Suspicious use of SendNotifyMessage (26 IoCs)
  PID 4892 msedge.exe (x26)

Suspicious use of SetWindowsHookEx (1 IoC)
  PID 3936 Holmium.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  Columns: description, pid, Process, procid_target. All 64 records are writes by PID 4892 (msedge.exe) into its own child processes; the records repeat once per write:
  PID 4892 wrote to memory of 1072  4892 msedge.exe  procid_target 81  (2 records)
  PID 4892 wrote to memory of 4368  4892 msedge.exe  procid_target 82  (40 records)
  PID 4892 wrote to memory of 3100  4892 msedge.exe  procid_target 83  (2 records)
  PID 4892 wrote to memory of 3396  4892 msedge.exe  procid_target 84  (20 records)

Every signature above except SetWindowsHookEx is raised by msedge.exe or identity_helper.exe, that is, by the browser that fetched the URL. Holmium.exe, launched from the user's Downloads folder, is the only process in this report that belongs neither to the browser nor to Windows, and SetWindowsHookEx is the only behaviour recorded for it.
Processes

Each entry gives the image, PID and full command line as recorded; indented entries are children of the preceding top-level process.

msedge.exe, PID 4892
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar?ex=666ba556&is=666a53d6&hm=1f14a3f8090c06905816d961fe3154a6dfb66319d270e6154e4c62d4440dc1fc&
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe, PID 1072 (crashpad handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718

  msedge.exe, PID 4368 (GPU process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

  msedge.exe, PID 3100 (network service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 3396 (storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

  msedge.exe, PID 2604 (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  msedge.exe, PID 3468 (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

  msedge.exe, PID 3644 (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

  msedge.exe, PID 2992 (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

  identity_helper.exe, PID 4132
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8

  identity_helper.exe, PID 4608
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 3236 (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

  msedge.exe, PID 3932 (renderer, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

  msedge.exe, PID 2232 (renderer, client id 12, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

  msedge.exe, PID 4432 (renderer, client id 13)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

  msedge.exe, PID 1776 (renderer, client id 14)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

  msedge.exe, PID 2416 (renderer, client id 15)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  msedge.exe, PID 2736 (renderer, client id 16, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

  msedge.exe, PID 4664 (audio service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4024 /prefetch:8

  msedge.exe, PID 3892 (video capture service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 1996 (renderer, client id 19)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

  msedge.exe, PID 4564 (renderer, client id 20)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

  msedge.exe, PID 3544 (renderer, client id 21)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

  msedge.exe, PID 3592 (second GPU process, GPU sandbox disabled, software GL)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 4084 (renderer, client id 24)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1

  msedge.exe, PID 3440 (collections service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:8

  msedge.exe, PID 556 (renderer, client id 27)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  msedge.exe, PID 2872 (download quarantine service, the Chromium component that stamps finished downloads with the zone identifier)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,10173955770152106393,6414737060579143059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe, PID 928
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe, PID 2272
  C:\Windows\System32\CompPkgSrv.exe -Embedding

rundll32.exe, PID 3040
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Holmium.exe, PID 3936 (launched from the user's Downloads folder; the only non-browser, non-Windows process in the run)
  "C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"
  Signatures: Suspicious use of SetWindowsHookEx
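When a report like this is exported as text, the process listing flattens into lines of the form image + command line + depth digit + "⤵" + optional PID, with the PID and signature bullets sometimes on following lines. The script below is an added example, not part of the report or of the sandbox's tooling: it rebuilds the parent/child tree from that layout and flags processes whose image lies outside Windows or Program Files, which on this page singles out Holmium.exe. The sample input is a constructed, shortened copy of four entries from the listing above; the "trusted" directory prefixes are an assumption for illustration.

```python
"""Rebuild the process tree from a flattened sandbox 'Processes' listing.

Each process entry in the listing is one line of the form
    <image path><command line><depth digit>⤵[PID:<pid>]
optionally followed by '- <signature>' lines and a separate 'PID:<pid>' line
when the process triggered signatures. The depth digit gives the nesting
level, so the parent of a depth-2 entry is the closest preceding depth-1
entry. The flattening is ambiguous for trailing digits: '/prefetch:12⤵' is
'/prefetch:1' followed by depth 2, which is why depth is read as one digit.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^(?P<image>.+?\.exe)(?P<cmd>.*)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?$",
    re.IGNORECASE,
)
PID_RE = re.compile(r"^PID:(?P<pid>\d+)$")

# Assumed "unremarkable" image directories on a stock Windows 10 image.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    parent: Optional["Proc"] = None
    signatures: List[str] = field(default_factory=list)

    @property
    def trusted_path(self) -> bool:
        return self.image.lower().startswith(TRUSTED_PREFIXES)


def parse_processes(text: str) -> List[Proc]:
    """Parse the listing into Proc objects in report order, with parents resolved."""
    procs: List[Proc] = []
    stack: List[Proc] = []          # stack[d - 1] is the most recent entry at depth d
    current: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue                # separator rows carry nothing
        m = ENTRY_RE.match(line)
        if m:
            depth = int(m["depth"])
            current = Proc(m["image"], m["cmd"].strip(), depth,
                           int(m["pid"]) if m["pid"] else None)
            del stack[depth - 1:]   # drop entries at this depth or deeper
            current.parent = stack[-1] if stack else None
            stack.append(current)
            procs.append(current)
            continue
        m = PID_RE.match(line)
        if m and current is not None:
            current.pid = int(m["pid"])          # PID deferred past the signature bullets
        elif line.startswith("- ") and current is not None:
            current.signatures.append(line[2:])
    return procs


def untrusted_launches(procs: List[Proc]) -> List[Proc]:
    """Processes whose image lives outside Windows or Program Files: triage these first."""
    return [p for p in procs if not p.trusted_path]


def render_tree(procs: List[Proc]) -> str:
    """Indented one-line-per-process view with the signatures each one raised."""
    lines = []
    for p in procs:
        tag = f"  [{'; '.join(p.signatures)}]" if p.signatures else ""
        lines.append(f"{'  ' * (p.depth - 1)}PID {p.pid or '?'} {p.image}{tag}")
    return "\n".join(lines)


# Constructed sample in the report's layout, command lines shortened.
SAMPLE = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241701744862564424/1250632024067149844/folder.rar1⤵
- Suspicious use of WriteProcessMemory
PID:4892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:12⤵PID:2604
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:928
-
C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"C:\Users\Admin\Downloads\Holmium (1.01)\Holmium.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3936
"""

if __name__ == "__main__":
    tree = parse_processes(SAMPLE)
    print(render_tree(tree))
    for p in untrusted_launches(tree):
        print(f"review: PID {p.pid} launched from {p.image}")
```

Run against the full listing the same parser yields one top-level msedge.exe with 27 children, three top-level Windows COM hosts and one top-level Holmium.exe; the path filter is deliberately simple and would also flag legitimate per-user installs under AppData, so treat its output as a starting point for review rather than a verdict.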
Network
MITRE ATT&CK Enterprise v15
Downloads
33 files were recorded; only three carry a path, the rest are listed by size and digests alone.

(unnamed)  152B
  MD5    477462b6ad8eaaf8d38f5e3a4daf17b0
  SHA1   86174e670c44767c08a39cc2a53c09c318326201
  SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
  SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

(unnamed)  152B
  MD5    b704c9ca0493bd4548ac9c69dc4a4f27
  SHA1   a3e5e54e630dabe55ca18a798d9f5681e0620ba7
  SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
  SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63ee96d7-6630-4cf3-b8db-03fb5428dec4.tmp  1KB
  MD5    00502cb462e342f654475e17b4d76ec2
  SHA1   df2edcbc9ac643e4630b5ac85617890f697d98da
  SHA256 13be651168cbe67eafceb3c86b50dccda23d8c1e344f0ecc022620040d214be6
  SHA512 4c2dfcd4c02787619b74734707b218cd31b4c06557ccc443e523505c8a2daa1ce6fcc9ed3f4a4568c4640ef7ee4845cd0c806cfd637639396afe30e3cfa20fd7

(unnamed)  64KB
  MD5    d6b36c7d4b06f140f860ddc91a4c659c
  SHA1   ccf16571637b8d3e4c9423688c5bd06167bfb9e9
  SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
  SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

(unnamed)  67KB
  MD5    bcf2d8d7778e1ebc837c3b75915335bc
  SHA1   c7a1186fbbb39ac1a04b9cf64dba641cdd24c9d3
  SHA256 3bc12ceb802ad6eddaa5ed768f42f33ec31626bd424f219b58713a4036b126b0
  SHA512 4a9385156e524761a081780faccb8c6a4dbe0e0289c6707cedc07868ec167c82e4d06b199361186d508a4e8076a13e773b443868bbca116c7c0456d60e880ff9

(unnamed)  41KB
  MD5    b07fe559839d5ab1920a795bf8c5b074
  SHA1   4e72cbb0858af473d7cf380cc4a704a8db52ffc8
  SHA256 61a605bcaee63256c8bacac2d0a6c27deb9f9e38b581a54da4589744fc07dc52
  SHA512 9331c10406ca27479657da7ac3fa16850e5002d9c45618f49bfb0108ce35abf3ddd157faee4cc52397dfd27184b9ea07918b727b6feb9be326396d18e5308cca

(unnamed)  63KB
  MD5    710d7637cc7e21b62fd3efe6aba1fd27
  SHA1   8645d6b137064c7b38e10c736724e17787db6cf3
  SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
  SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

(unnamed)  19KB
  MD5    76a3f1e9a452564e0f8dce6c0ee111e8
  SHA1   11c3d925cbc1a52d53584fd8606f8f713aa59114
  SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
  SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

(unnamed)  88KB
  MD5    b38fbbd0b5c8e8b4452b33d6f85df7dc
  SHA1   386ba241790252df01a6a028b3238de2f995a559
  SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
  SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

(unnamed)  1.2MB
  MD5    76e2533d5c0f986355fe79efb4f5e4c3
  SHA1   1f26c931a1b019c96159c055b72e400ffd34cb2f
  SHA256 91c7483f7086c4019bee8005e6e32b15eea1d4c4e596c13bfbfb616d0f4f6a42
  SHA512 07f9f9ad2bc1ad100135494c6d3662d3e169df0d949ecff246298b1e5b6f9ffa87c75cfba323f9d6d7ad0317dc19f95da6dc22df16cca3130f035dfb2145e764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index  1KB
  MD5    d78048566bb9c3cd449bebbaaaec9c3f
  SHA1   d72327d698dbd63483c58ff16379c8b0e525f2e5
  SHA256 62b470eadacea73ec43d1129d9792f655917fbc5cfe57c536f2560627bf29724
  SHA512 b9b1bcd80eb0d4b8c8531d3f23e066141caaf52f2a6b203372fe1d877e716a761e3bc4bd493ffb878b1136928724b93e08421423ccf7c249e980c5a0f3019ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index  4KB
  MD5    a2724325f81e41c2ee96dfd0aafd2f08
  SHA1   64b8982fb03e83f1c621ad57af34e2301c34df48
  SHA256 70ad37203456e25496525146e519352c43b80f1bc298932a03579d566455de77
  SHA512 1e49644cb233ca21d14e2ed31eb1445a8c025c18033debe4abdf0ad53ebf025cdd1b166ef75c41cdf51a1f7214d038f2718b4e88c8133f27e662698fea463401

(unnamed)  847B
  MD5    73180bf76c4a731def330dd524826969
  SHA1   9638f853379b0a58a0bd2eb4fdc727ac984d4964
  SHA256 9cb166b6210ccdd27af6fa0af7847d732cc8d6d4a9082a21725e0a8ae68c70ae
  SHA512 381fd1ee294924ef0f65f70c6815b25bb8ddf4c50a4f22dee34823c355c3dc3453b00dafb418adaa270cfec86157e541d78bcb245e9d50a1a7843540344127e7

(unnamed)  6KB
  MD5    932f283003c9b0517f2f2c8294d3e453
  SHA1   df565dde29ec3491b0ea55d1db5770c697f24883
  SHA256 a99d831191d16effb510b59ff606a0bb0f0206d929ac3cadbb5a30f38a46bd10
  SHA512 6162a15617f43b457b726a13a681c6d42fe25428a59dd4bd5bac1d422cc2e1ee6aab6b8b791fa0bb78c654e7b87a6e6666c82814f3ee627d794402a4fdce0dfc

(unnamed)  6KB
  MD5    7119cf80c65a0395cb3569e7cbb693c7
  SHA1   02d70898ff914ffdc51d542bbbd2c24f18483e13
  SHA256 c71cb26b8c8ca504ead7cd978445b8ec91b449b4541b5bb695c9ca22b618f307
  SHA512 857f938b1935d83312c60714a69d0baf9759d0fa0c3873e6cda9b51bf2174de5407c4527bffdcafe20042218c49db08551c6ea4a6b6bbd979b7d6218a7a6070c

(unnamed)  6KB
  MD5    42f1fe861151e63b3c35a675fbc325cd
  SHA1   bf50637190a74fd3c3122912e43a93d338a3d182
  SHA256 cd951eba90bd8259e213f881818aa7e43a9496f15f997aee6792b5dff36c74aa
  SHA512 3951ff8ae8442373fba20e1f77b0531604aad78e7d909ba5b24fe15ab47285a7772252abce8551abdcb0c7f0c225a86ed5e1719086edd113190eeaad312158f2

(unnamed)  7KB
  MD5    2b8ae7dc292da483ce9d5409fdfb4f26
  SHA1   bbf79cd9d4e7d8be9790328e5e171ef6eae9c1ab
  SHA256 630a4fa3a4ab8ccb348c391b107568ad399abd7a6da693aaea62b878b6baaae6
  SHA512 81eecd2f7c21035b5a5ee63f28f9415cc8bce731f441d397ea16e00ab6079e06ddd0670881a9ce78769f5d6438d0e41c38f7db4da12ec00dc5888f4392129171

(unnamed)  7KB
  MD5    c7534d7bd42960d0134a232dbbdd1905
  SHA1   30c50db9141e20be2bd6cd766c486ac591f8d8ba
  SHA256 0e3f24ecb8a42f143a8af0b9e565753dc92a9e803cf58fb60abea1f3a0037928
  SHA512 adad9ea4e315b88cd30b78541d4b036e61230ff6dcba8d475cdfe7fa230f21ac19c20773a22518c3b7f895afeb745b475e65511d3e53e8d2786791b2f1cedbc4

(unnamed)  7KB
  MD5    bd2b63d3058029b8a0743e21feef8a82
  SHA1   a02b4cef6d8f5635298fee6e8a7fb178bfa1ca57
  SHA256 a2de8e2c808d5f251b838b580c917e6643eb691ce2b2d8e54cfade3120e56ab2
  SHA512 7353ddbb2735f9d6dc4c273aabf4eefd1d687e460f321dacc654ffbf0520a81de1ad2fc494be0b284abeccd8d7fb0c104f9cab60d75a3930e2c9941098aa11a6

(unnamed)  7KB
  MD5    130834410d62063c11fa393d7588f021
  SHA1   c78c680c8bc3d69b77742e06c61bd4512309c912
  SHA256 3a5cd3a288e08dfe6d4907d05ceba969c660c4562d6c8042cc97523d3b7ffdea
  SHA512 b92c0be5069f9205d394bdf286b84b59185d8c32398a3a64b9e636e331e20c266c337d9ed32e11d615be14a1db16bc16476dcf63085b572cc2aab092fb8dce71

(unnamed)  538B
  MD5    b57663663b9cc908a184b6ce04b93d18
  SHA1   7f174be5902484a09632279d4e424795bfc62d43
  SHA256 aaf8405489692bea4d29c3a8722ea92e6a5d2e9ff87602f6db0f569256c4ea0a
  SHA512 f61d1f231a09f006f3fcc135a727a889ba4fadd5c4fee69b214cc9b0297297f071d600a87933f4dcace3bb6f28376c015503552a374ceee6765ad039b73d053d

(unnamed)  1KB
  MD5    a1339d1bd1718c5c1b594fc1a692aebf
  SHA1   d96bfda2f5acc2e7ac796ff3f1543d80c3b07c4d
  SHA256 4e7b5fbc1c18b3af549d546ea9651f0a18e2d5e5c0957ee02944a15274d0007b
  SHA512 61aecde27ebda86d5dea2bf8e5478ee022b12ef862d45d11dc0581328aef7c8d1509a6a23e44be9d754436868b832ecc9373983de7f4475f568cc8d5d63ee427

(unnamed)  1KB
  MD5    1774a5f56584c975d6004d4ffe5bbf92
  SHA1   3502bff8c9cf7d119b878c6025015ee3d199e320
  SHA256 3c157fde7f972a2006091b4702f45a1f5f7ef29a61f3b55cf6509a8c56f46437
  SHA512 0a37c1f08682c6531ab92e6e2d3681e263caf609fd79c7e4931e2dfad4896920a0d10e341e8f3ffb68b140bf9573c1764e23245f75188c840eccf232a5d44699

(unnamed)  1KB
  MD5    0f5dff76a00be81e8ce12ed7cb991380
  SHA1   1cae7cc7091b6fecaa642530cdaf9051bd62689a
  SHA256 432255d1927ebd63c4ba3506bbfec623cef1d01cafc527917aceea86a8d7afc1
  SHA512 78302e26a38644ee09d7391ed6f4ffadff1f924ec2daa1903c37846650c83bf941797934c8cb5b4d85c5390f29195f26292dfe27a776b6f1edea5541f1d51073

(unnamed)  1KB
  MD5    6bad4e2bc1cffc34ff9b6b1756ca90a4
  SHA1   19c69dc94b20910f024b022a76578964af8113e6
  SHA256 05be6e231107bf1f4225abe7f8e68194790f8b392d51e5f79be649b9d2cd77b8
  SHA512 7fb1083d276d83b84e7743833fc0cdb37dcc2ef50b908441a5025075e411cb28a5f2d488fca968c15a67ab14eceeb01a135983ac100b069a7921757598542199

(unnamed)  1KB
  MD5    50795f6d0c4bce95efc38994b3ee674b
  SHA1   8263ffa0c9d41484385afdabd86e00e656e91682
  SHA256 8849f5a3568e7782d9566fdfdc9d73dc8fff42944046d71ab5a8daa6c24e421d
  SHA512 356fa86258019f79eb691e3b6ffd1891f628030503d6b7a6862202173273456a517e2999aae57a3a38eeb130659836bb9fb168aa1d13dc4c83f26e3bae7d075c

(unnamed)  1KB
  MD5    87812542be2431aaed279e8ff58507c6
  SHA1   bad6807c06be38dfe29cd6d4fa72130eafe83b81
  SHA256 bd2f37f70e0cfd5a16cd78cdc62ffda7a596dcf260133ea90e87d6ff0c7e414b
  SHA512 a8c25718d3df7ae382c3fa34c8b96bbc0da6ce9e05086b38f230211762d4f7ccc03600fd49cc8bac77b211504ae3b88239c4d9874b38f14fda711f82905d5a14

(unnamed)  538B
  MD5    942e383bbb1c89ed48c8b2f08f4af0c1
  SHA1   a14868579923e615c369e8eb67121a68dfe16755
  SHA256 8a9afdd97525e16bccd9aa4b85c1632352723eabcfefd681ce972b92101ce042
  SHA512 0d800fe9f20323136380bdf3aac429f886d02978182377601680b7627790a85bc7a7e261d0b4b914a5f42258fda2159f8d25bd500d99dcb6cda08138cd0cec39

(unnamed)  16B
  MD5    6752a1d65b201c13b62ea44016eb221f
  SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

(unnamed)  12KB
  MD5    3b834ad4bb02cfdf16d2371a032aefe4
  SHA1   8329f09f5fb8752047c0216f615a9ad78c7a6b1f
  SHA256 07cc659bf7186593c67f52c1a03d68e9d50249e681bf6af2120b28a09211f378
  SHA512 fbc769a23294e6a7268127d5faf006c76a63e4e5576400367a4a2c9869711e140016ca1d95dc0945632e264ecaf0dda51b7c592f684d0f9959bf0c2f4fc5b497

(unnamed)  11KB
  MD5    f5ce7cf51ffb242953d4ef0acea23aa9
  SHA1   2d19cae03de98205191783a0ef4d3707506c0870
  SHA256 0b21efdb606a52827a442bb342608718428a6c8d40088108348ce8320f32de69
  SHA512 ec3d8645ea298fe9ff76ff62ddc5655c35793f6ae2321a5b67c34013851692fe265d62b4b613f6ee092b266122a4b705f740499109579176cd5157b832e8b62c

(unnamed)  12KB
  MD5    f2db459f0a2b348e9d72e2c23e31384b
  SHA1   6c9a6ade821950b5539cf504e34d0ee6cf0a06e7
  SHA256 1651a3108dae0838fe02d3ce453bdd359d71ac3018b261ee0247df0e4b81cc5e
  SHA512 46649b67bb4a98d10960ecd73986b3b83b79c380ecac776d518178bad03b8577d70aea4684a3178d6dac0560155e11b434a49073539a5004c6b37a4cea2a44fb

(unnamed)  103KB
  MD5    5482128a78bbefb9fd1545f2c6eb5968
  SHA1   5f9fd4ea54c9b07f16d7d32e5ed7bc96ed749640
  SHA256 212ac8f4ddb413ef4000f8e9d807edee28fe6b9f728ce1f7f504291f2f189e4c
  SHA512 205d49741d7c7598e32945c6ae59385572d625714f3bd3f907419895005c6d7171668c09bd983d28098565343c451800cfdb1b38f2de1959f4c715968e00435a