Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-06-2024 09:40

Static task: static1
Behavioral task: behavioral1
  Sample: ClickslutV2wU.exe
  Resource: win10v2004-20240611-en
Behavioral task: behavioral2
  Sample: ClickslutV2wU.exe
  Resource: win11-20240611-en

General

Target: ClickslutV2wU.exe
Size: 962KB
MD5: 427f703786c6885d6eef5cd1311de4ce
SHA1: 44900361fe9e751df32b6c95fc62b99e44601157
SHA256: 1b0796e08e15c24e162752368f3a5b4181f255bfd11500d81b258b94d0552ec6
SHA512: aa6ca1ef2d4e06b5c268de45c4e9a49bed25a53a885d614518ac4c348af8b4ab9618b237c021e9f3784a11337ce55065924b54bdcf96c48f3d191434f03010fb
SSDEEP: 24576:QU+9XNrenyktDLdYNtcdvQNC9wHAP5c1gf6+mR0y:G5OVeyff6d
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation   Process: ClickslutV2wU.exe

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  Flow 58: ipinfo.io
  Flow 59: ipinfo.io

Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\New_Wallpaper.jpg"   Process: ClickslutV2wU.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS   Process: msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   Process: msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   Process: msedge.exe
  All three hits come from msedge.exe, which the sample launched, not from ClickslutV2wU.exe itself.

Script User-Agent (1 IoC)
Uses a user-agent string associated with a script host/environment.
  HTTP User-Agent header, flow 59: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  This is the default User-Agent of the WinHttp.WinHttpRequest COM object, so flow 59 (the ipinfo.io lookup) was made through that object rather than a browser.
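The registry and HTTP IoCs above translate directly into triage rules. The block below is an added example, not part of the sandbox report or of any detection product: it normalises the NT-native key paths the report prints (\REGISTRY\USER\<SID>\..., \REGISTRY\MACHINE\...) into the HKU\ and HKLM\ form most rule sets use, then runs five rules (geofence lookup, wallpaper change by a non-shell process, BIOS string enumeration, external-IP lookup host, script-host User-Agent) over a constructed event list copied from the IoC lines plus one benign control record. The event field names, the IP_LOOKUP_HOSTS list and the WALLPAPER_SETTERS allowlist are this example's own assumptions.

```python
"""Triage rules for the registry and HTTP IoCs in the report (added example).

EVENTS is constructed by hand from the report's IoC lines plus one benign
control record; the field names (kind, process, key, data, flow, host,
user_agent) are this example's own schema, not sandbox field names.
"""
import re

EVENTS = [
    {"kind": "reg_query", "process": "ClickslutV2wU.exe",
     "key": r"\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation"},
    {"kind": "reg_set", "process": "ClickslutV2wU.exe",
     "key": r"\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\Desktop\Wallpaper",
     "data": r"C:\Users\Admin\Desktop\New_Wallpaper.jpg"},
    {"kind": "reg_query", "process": "msedge.exe",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"kind": "http", "flow": 58, "host": "ipinfo.io", "user_agent": None},
    {"kind": "http", "flow": 59, "host": "ipinfo.io",
     "user_agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"},
    # Constructed benign control (not in the report): a browser fetch with a browser UA.
    {"kind": "http", "flow": 60, "host": "pbs.twimg.com",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/92.0.4515.131"},
]

# Assumed lists for this example; extend them to taste.
IP_LOOKUP_HOSTS = {"ipinfo.io", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
WALLPAPER_SETTERS = {"explorer.exe", "systemsettings.exe"}   # processes allowed to change the wallpaper
# Default UA of the WinHttp.WinHttpRequest COM object; scripts that use it rarely override it.
SCRIPT_UA_MARKERS = ("WinHttp.WinHttpRequest",)

_NT_USER = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21(?:-\d+)+)\\", re.I)
_NT_MACHINE = re.compile(r"^\\REGISTRY\\MACHINE\\", re.I)


def normalize_key(key):
    """Map the NT-native path the sandbox prints to HKU\\<SID>\\... or HKLM\\... form."""
    m = _NT_USER.match(key)
    if m:
        return "HKU\\" + m.group(1) + "\\" + key[m.end():]
    m = _NT_MACHINE.match(key)
    if m:
        return "HKLM\\" + key[m.end():]
    return key


def evaluate(events):
    """Return (rule, subject, detail) tuples for every rule that fires."""
    findings = []
    for ev in events:
        if ev["kind"] in ("reg_query", "reg_set"):
            key = normalize_key(ev["key"])
            low = key.lower()
            if ev["kind"] == "reg_query" and low.endswith(r"\control panel\international\geo\nation"):
                findings.append(("geofence_check", ev["process"], key))
            elif (ev["kind"] == "reg_set" and low.endswith(r"\control panel\desktop\wallpaper")
                  and ev["process"].lower() not in WALLPAPER_SETTERS):
                findings.append(("wallpaper_set", ev["process"], ev["data"]))
            elif ev["kind"] == "reg_query" and r"\hardware\description\system\bios" in low:
                findings.append(("bios_enum", ev["process"], key))
        elif ev["kind"] == "http":
            subject = "flow %d" % ev["flow"]
            ua = ev.get("user_agent") or ""
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", subject, ev["host"]))
            if any(marker in ua for marker in SCRIPT_UA_MARKERS):
                findings.append(("script_user_agent", subject, ua))
    return findings


def rules_fired(events):
    """Sorted, de-duplicated rule names, for a one-line verdict summary."""
    return sorted({f[0] for f in evaluate(events)})


if __name__ == "__main__":
    for rule, subject, detail in evaluate(EVENTS):
        print("%-20s %-20s %s" % (rule, subject, detail))
```

Run stand-alone it prints six findings: the control record on pbs.twimg.com fires nothing, the bios_enum hit names msedge.exe rather than the sample, and flow 59 fires both the IP-lookup and the script-UA rule, which is the combination worth escalating.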
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  PID 4412 msedge.exe (x2), PID 928 msedge.exe (x2), PID 4320 identity_helper.exe (x2)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 4032 ClickslutV2wU.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  PID 928 msedge.exe (x11)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: 33   PID 4120 AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   PID 4120 AUDIODG.EXE
  AUDIODG.EXE is a top-level entry in the process tree below, not a child of the sample.

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 4032 ClickslutV2wU.exe (x1), PID 928 msedge.exe (x25)

Suspicious use of SendNotifyMessage (25 IoCs)
  PID 4032 ClickslutV2wU.exe (x1), PID 928 msedge.exe (x24)

Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 4032 ClickslutV2wU.exe (x2)

Suspicious use of WriteProcessMemory (64 IoCs)
  Writer PID   Writer process       Target PID   Target record   Count
  4032         ClickslutV2wU.exe    2168         85              3
  4032         ClickslutV2wU.exe    4976         86              3
  4032         ClickslutV2wU.exe    928          91              2
  928          msedge.exe           1060         93              2
  928          msedge.exe           4384         94              40
  928          msedge.exe           4412         95              2
  928          msedge.exe           3948         96              12
  Every writer/target pair above is a parent writing into a child it has just created (compare the process tree below); no write into an unrelated process is recorded.
Processes

- C:\Users\Admin\AppData\Local\Temp\ClickslutV2wU.exe  (PID 4032)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ClickslutV2wU.exe"
  Signatures: Checks computer location settings; Sets desktop wallpaper using registry; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\notepad.exe  (PID 2168)
    Command line: notepad
  - C:\Windows\SysWOW64\notepad.exe  (PID 4976)
    Command line: notepad
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FWc9ec1WIAAIViu?format=jpg&name=900x900
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1060, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4384, gpu-process)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4412, utility: NetworkService)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3948, utility: StorageService)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1308, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4600, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3244)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4320)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 780, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5072, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 984, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 888, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 468, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1332, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1244, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5244, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5436, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8712845256882406357,9343949899427410266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FYTo88rX0AEsWgi?format=jpg&name=900x900
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3688, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FZMUoZeX0AAOpDi?format=jpg&name=large
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 944, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FWNqgp8WYAIpALS?format=jpg&name=large
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4608, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FXLfhhFXEAAMqlh?format=jpg&name=large
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5192, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pbs.twimg.com/media/FYNePn2XoAImIQb?format=jpg&name=medium
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5376, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93aea46f8,0x7ff93aea4708,0x7ff93aea4718
  - C:\Windows\SysWOW64\notepad.exe  (PID 5968)
    Command line: notepad

- C:\Windows\system32\AUDIODG.EXE  (PID 4120)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2ec 0x3cc
  Signatures: Suspicious use of AdjustPrivilegeToken

- C:\Windows\System32\CompPkgSrv.exe  (PID 4472)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe  (PID 216)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

The sample's own children are three notepad.exe instances and six msedge.exe instances, each handed a pbs.twimg.com image URL; everything else under PID 928 is Edge's normal helper set (crashpad handler, GPU, network and storage services, renderers, identity_helper). The notepad children resolve to C:\Windows\SysWOW64\notepad.exe, so the sample runs under WOW64, consistent with the arch:x86 tag above. AUDIODG.EXE and the two CompPkgSrv.exe instances are top-level system processes, not descendants of the sample.
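The WriteProcessMemory signature under Signatures fires on every cross-process write, including the writes a parent makes into a child it has just created (CreateProcess places the command line and environment block in the new process). The useful analyst check is to join the writer/target pairs against the process tree: a write whose writer is not the target's parent is the injection-shaped event, a parent-to-child write is routine. The block below is an added example, not part of the report: it parses a trimmed copy of the report's WriteProcessMemory rows (constructed; the 40 repeated 928 -> 4384 rows are cut to three), uses a parent map read off the process tree above, and reports any writer/target pair that is not parent/child. The row format, the parse_rows/write_edges/injection_candidates names and the PARENT_OF map are this example's own.

```python
"""Cross-check WriteProcessMemory rows against the process tree (added example)."""
import re
from collections import Counter

# Trimmed copy of the report's "Suspicious use of WriteProcessMemory" rows.
# Constructed sample input: the report has 64 rows, this keeps 11.
WPM_ROWS = """
PID 4032 wrote to memory of 2168 4032 ClickslutV2wU.exe 85
PID 4032 wrote to memory of 2168 4032 ClickslutV2wU.exe 85
PID 4032 wrote to memory of 2168 4032 ClickslutV2wU.exe 85
PID 4032 wrote to memory of 4976 4032 ClickslutV2wU.exe 86
PID 4032 wrote to memory of 928 4032 ClickslutV2wU.exe 91
PID 928 wrote to memory of 1060 928 msedge.exe 93
PID 928 wrote to memory of 4384 928 msedge.exe 94
PID 928 wrote to memory of 4384 928 msedge.exe 94
PID 928 wrote to memory of 4384 928 msedge.exe 94
PID 928 wrote to memory of 4412 928 msedge.exe 95
PID 928 wrote to memory of 3948 928 msedge.exe 96
"""

# Parent PID of every process in the report's tree (top-level processes omitted).
PARENT_OF = {
    2168: 4032, 4976: 4032, 928: 4032, 5968: 4032,
    1060: 928, 4384: 928, 4412: 928, 3948: 928, 1308: 928, 4600: 928,
    3244: 928, 4320: 928, 780: 928, 5072: 928, 984: 928, 888: 928,
    468: 928, 1332: 928, 1244: 928, 5244: 928, 5436: 928,
    4952: 4032, 3688: 4952, 4856: 4032, 944: 4856, 4180: 4032, 4608: 4180,
    5176: 4032, 5192: 5176, 5360: 4032, 5376: 5360,
}

# "PID <writer> wrote to memory of <target> <writer> <writer image> <target record id>"
# The trailing integer is the sandbox's internal record id for the target, not a PID.
_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text):
    """Return (writer_pid, target_pid, writer_image) for each row; reject malformed rows."""
    rows = []
    for line in text.strip().splitlines():
        m = _ROW.match(line.strip())
        if not m:
            raise ValueError("unparsed row: " + line)
        rows.append((int(m.group(1)), int(m.group(2)), m.group(4)))
    return rows


def write_edges(rows):
    """Count writes per (writer, target) pair, collapsing the repeated rows."""
    return Counter((writer, target) for writer, target, _ in rows)


def injection_candidates(rows, parent_of):
    """Writer/target pairs where the writer is not the target's parent.

    Parent-to-child writes are how CreateProcess sets up a new process; a write
    into a process the writer did not create is the pattern worth a closer look.
    """
    return sorted({(w, t) for w, t, _ in rows if parent_of.get(t) != w})


if __name__ == "__main__":
    rows = parse_rows(WPM_ROWS)
    for (writer, target), n in sorted(write_edges(rows).items()):
        tag = "parent->child" if PARENT_OF.get(target) == writer else "NOT PARENT"
        print("%5d -> %5d  x%-3d %s" % (writer, target, n, tag))
    print("injection candidates:", injection_candidates(rows, PARENT_OF))
```

On the report's data every pair is parent-to-child and the candidate list is empty; feed the same function a write from PID 4032 into a process it did not spawn (AUDIODG.EXE, PID 4120, is a top-level process here) and that pair is the one returned.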
Network
(The report's network table did not survive extraction; flows 58 and 59 to ipinfo.io are listed under Signatures above.)

MITRE ATT&CK Enterprise v15
Downloads

The two named entries are Edge profile files; the other entries carry no path in the report.

- (no path recorded)
  Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

- (no path recorded)
  Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22cec89f-ced2-4ee8-b8f3-fa50b650fb4f.tmp
  Filesize: 6KB
  MD5: a86cb13af862a073c862dc4d35b4859d
  SHA1: ebba932b19f01cf6e6799d3c8a0381186a41ef0c
  SHA256: 143bde33ebbbf6931ac507298ae3d6766489a580a2f9e881201424c4c2330177
  SHA512: 3f3cabc44b0df03db8bce6eb55827f00228cef28cd98aa4724faf1966940ce8df14c8db1c1f9f400281a3918aa2325efe673134e4101687c8d362cde62687c33

- (no path recorded)
  Filesize: 181B
  MD5: e6a499a2f0178c5180c3c9a3a4af671e
  SHA1: 1ff5365774372c6546be6cd6b7976ac08e18b443
  SHA256: 1e01e077974dfa2758f0275ec9cabc572c0c8a0d42b3d4c6943087e88b5c8308
  SHA512: 13d070190a17d8d5beb5a736755b60cd21b7574bce299ee7d6b59df5c1bd5bd195309888b71f50d9e1abaa7fdc8e08271171459773b9f04554f3797375d9331a

- (no path recorded)
  Filesize: 7KB
  MD5: 01aff56b0e4fa8a3b557bf4b18b6d0c9
  SHA1: f41531189208f6a56bca6eae8e278db3aa7bf0d0
  SHA256: 420289422d3cc5c6bc1a1fc794b81d0a8dcce110e4ea9c9554b5d28d1f52b8d1
  SHA512: 75d0507945403b3777f8bc88106e4d7a5ad84b6c1fc7e570959d862247c7173fdcaa65289c02ed49e4a98d6ddd0b4058a7b9bff6629231217f5cef1842ce24e7

- (no path recorded)
  Filesize: 204B
  MD5: 7185ad565b01b9f55a1a7eedc6056fd0
  SHA1: 2e7b66d936d3e3c78e04a3a75b8eb40035a18fcc
  SHA256: 9b8d92ac8382e2467622a9b296702ab869d58f58cdc39a75ec8ce66f3e31b5d9
  SHA512: d24dc54200537a55c3691e06fcf6b61ab167a9490a33c9cb2b18ffdde1e70d544921ab7422c1e0a8bccab10248e50aac383294fed576229c9cdc602324c78a92

- (no path recorded)
  Filesize: 204B
  MD5: 4b7f53f01764fb165b236b8a83f23536
  SHA1: 1630298500b26a758431a6fbfe1c10447c1e48f9
  SHA256: 806e623d33f65dde10d68ddd1ff3fed6b3925b7534163f3b49cb1ade05114a6b
  SHA512: 3d1ebfc008f068b18e608e00d25edb035d0552ce471f2a5582400816cbdf5912267ef4c5a4446e60bd11d52e3fe8c78d32b4e52ae98e3871b3c569378c620ceb

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2714d6a-62f3-4e6e-9e61-bb1926681c35.tmp
  Filesize: 6KB
  MD5: 7c04a7ab23685e908dda84053671cbab
  SHA1: b8d3ae98dc6653595d9d796f174e2877a7d9b4db
  SHA256: a1b78fd0a61649ad69e876adf46905141f3cd2d876177e52743966bc055935c9
  SHA512: 6d6182d879944f98f9746af63af1f2d3fd23e8caf5c293593eb08695473345cb7545eee7a8e08064468e9d16a1554723c85ad2e371ab139506e45c475505c412

- (no path recorded)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- (no path recorded)
  Filesize: 11KB
  MD5: 4b7732314ee4ab805a680efc55ec8fb5
  SHA1: b4d311ad62c91b69d412d14344f423b772371e6e
  SHA256: d9110d1bf7239b1deb141c4e254b1b543461b4510045f3946ebd7d12269b58bf
  SHA512: 43fd46352f43b01c4f0f5aa02c0c18d71c94e15e2cce074043e723e7a489f385cc84702705f0ee26840f5f5ebb6783aa870434d2f5153dc53557952ec4f2effb

- (no path recorded)
  Filesize: 11KB
  MD5: e18de51bc172bfb7ce7bbdbd19906630
  SHA1: 7dd0fd100861c8fab8daf673df5476c145e6d21f
  SHA256: 4832c17894a89ede7ce0164653229f62067acb6665072aaf0352671da36a4b4f
  SHA512: dc161bb8c38226758a9a6650594f959b20801d6000710a2676ab669ed12388fa05e997052367b73b6219aa9f8968cdf5053f9192bdcf5d678b872e394b85bea1

- (no path recorded)
  Filesize: 11KB
  MD5: 16cd8d759f3bd7f02611051cf288d6de
  SHA1: a114a25f43f30cdd5cd5f63b7c6f902aafe07a03
  SHA256: 81afc308bb15a196a040d4e781ccf4cccc15ef97c1e1d550507516e882fc9b5e
  SHA512: 667adbcd1b743b332732144dfbebc7af7dc2dae11907e0051012273b866d99a862a1615474e4fa2ce1688a143e071a1e95c3cb5d0e23b4b500d3be5adadbe224