Analysis
-
max time kernel
207s -
max time network
233s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 16:19
General
-
Target
Unlimited Ammo, Aimbot, Esp.py
-
Size
8KB
-
MD5
7a39aed6eda54d2e5fd948cc84dde830
-
SHA1
b9eea9b6f2665fd4b82ea54d02a92b727fec9f6b
-
SHA256
58e101ec707a8771a8d4aaf0e47a1a73b2d841555d7e83083cdd9e851abeb78a
-
SHA512
43ff3f48807670d93edeeea4317fe24870d30de5a0041723615380fb9e1736422ed02cadfdbc1bf67a39ddded03a6d0589b3996a9adf92d4e71dd3a73f07bef7
-
SSDEEP
192:gg4Cjt+ob+AGIWMWrXgvlZ6pLT0dThGEan2Cp:gCjt+oiIWMWrH0dTMp
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 10 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Unlimited Ammo, Aimbot, Esp.py"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb2fd046f8,0x7ffb2fd04708,0x7ffb2fd047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=5864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5144 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4155082432686758439,10646518599302313543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x50c 0x4ec1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bafce9e4c53a0cb85310891b6b21791b
SHA15d70027cc137a7cbb38f5801b15fd97b05e89ee2
SHA25671fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
SHA512c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c
-
Filesize
152B
MD5a499254d6b5d91f97eb7a86e5f8ca573
SHA103dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
SHA256fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
SHA512d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD51d9097f6fd8365c7ed19f621246587eb
SHA1937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3
-
Filesize
41KB
MD57641a80b3ca2bec272955ead35145995
SHA18e3d61381786090bb85e45d156938bbabb17aa0f
SHA2568b712d8018f2c97283d0264ace2a982a627e050d0b428597a6d31abf78db7d79
SHA512c96df8fb697d229be04d06569c2dd0212b2bca6d1e4656000433175969afd0bd05e667a61328ee47b1fc4f359a2aaaa9c31c930e8ce52f1f8f958aee25e9f0ba
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5d20f500f9e4e8bc3fbf885d3e9036b32
SHA18eff61e7789c5bb7564be8cc3225ff10393a30b1
SHA256088c9b305f64ae73af52bec73101e6bb1914b8e0931cd1d3aee8944a3abd18bf
SHA5124d85a1aa21fb92d51bfd01a104c847f79e4c14d4f2202b6c14e6275f05ca699ecdbe56bdb7c556f8a651832440201bda80a7f1e3c11778fb22c201c9aa032642
-
Filesize
583KB
MD58398a123a319007d71c5360eb7745e6b
SHA1499424b11ee25b3593c26c4722e6704b9fa499a0
SHA256d96c2709b10bd08ad7d729887384d726844c4045af325121d1430931feb08549
SHA512614eb4e637190558c0633585f89be398f7ff8a3735af02fc75caf217ad15dbc2af0e68d60245819835242ba6b67048bc7b27beb13f12dc14991c59e8e3a0ea95
-
Filesize
233KB
MD5bcf3fdf779e9ad1290620709ab098a43
SHA113182e1336bf5a9d76f7b6836793b320426b6c7f
SHA256b2053aa4de73cfa4ab76ec7f01f9c991b2c9b0bd13a9844f36118981aa66b0fb
SHA512607063abb23dc0eae16e1e01c733380778a5acf456d35d0cb0b5a6a52caa4398e13f8eb8cb8617ac9b380f60f9a872224e1caa73eea002cd9a07533e9cd96813
-
Filesize
5KB
MD5bad0d782bcc2da940331dbefc8724ae1
SHA1acbf874ef9cc96058013e4817735e8c0152a3a15
SHA25618c6009d02b2e35853944f2ce5ca83dd9f16bc16f0d6fd81fde1e413fa097156
SHA512b0acfce4e7012f6d46f5c426258fa91a35da35c16db23625f6087b1ceeec8621ce05f075a9cd44a5189d7fd703d2674ed1ea7de112389bd71dbb8befaa8f68d0
-
Filesize
4KB
MD516c7a5f27430a1b9e58240867e0762c2
SHA1be25187ec91afdba39141cd21e6361fa2b463c08
SHA256894e4e6da55d83e104ff094855ea1fac1b949546884a35a20665c979ca49aa14
SHA5122946fa01719a9c7803d9bb7cb53bdcc534945a1b094e2844a97707cf732bad703645f5c2cc9b211df0a2b800e7a67b865642530463485360cf7dda1c55b287a5
-
Filesize
96B
MD5cbbf7963d59f226d35b2b4c6ba9f84e9
SHA1a20abef0a6a2cb36d48787a4210894c3e3c0929c
SHA256987257a5d6e90b4f80f96a64d7fd165e030323fac010b959de8ecef75a8b309d
SHA5128d4d55b86f5cf83905eb8845f21f7237c4f0befa786d6ec14dc8ceef92f027277c1e95abd8b0cc51fd547f2972eadcf22395bbcc04b36d1bc318561ee0c52e4e
-
Filesize
96B
MD516809b6959b0c46c45c16336e003070c
SHA1dc81d3617608af7bef19b9879e875123cb6dadeb
SHA2567668070306939f7fb68a4eab640e9045475d0e346ee693385a6b2caed175c7f6
SHA5127b86cbf342b1f32e14fdb38418410216292cf255ce462f03c9524b8fe71241bf1d99bd44f2e7f507d4a15d936bd0ca923c165462fad38f6e96a7aaab51ab989e
-
Filesize
1KB
MD5d21d7070db9512e98eceaef81af52956
SHA15941f0cf248fbfbab57497a0c2316b92b33a7ed1
SHA256a0683311f8e8a1c408c951699ed5f983b6645bddb08e058cf44c8fdc1e810489
SHA5129988bcf19bc5a6caa9e4d8cc6583ddd300ae1fcb918ae3a892b1eb0d39b41eaf240909849bf05e07af250f55bcd5ac3a509923d8a576db742e73df11fcf3a2c4
-
Filesize
3KB
MD53a6927ca40ebc4319e41ad7853b534ad
SHA10fa4828e201d670580730b04ee6ecd6ee4b953f8
SHA25618ffa9276a8e8b31dbb8da5a9aca27f72b454ae08e861e4dbd1b8370b8600b05
SHA51227e91c91eeaa96ef4f6df7166e631fb529b7838eb0134db92759b4e921bf2740ce59f769c40a930b74c6ba812f46a582e4ca048e083f96da8e690cdb74d04277
-
Filesize
5KB
MD5f5008698dbfbd4fb1199204c2547da77
SHA17b0903f9cf214a43db12f76501895c494b95513a
SHA2563f5725a9bdb69c8d47a704d86445b39fda696e8b9df0048005508f6f160e13c9
SHA51259a13d46aa48b5d0998c18b27f067f4b337af3ea94513aa7194d34a1bb792b64c5f8e6d91f5cbeaa43950f0d55229db1f23954ad04483d0b7130cd80ac2fa4bf
-
Filesize
6KB
MD53e0c6d5e269b91bb7059d9f7be025edf
SHA1cec772841a959d400d2e2a66e1c5e9e389661f07
SHA2567547eb7bb5b0f7fa93881765949156b78c7dca7172d8707cba7eaa02ca2b6d9c
SHA5125d46f4fde4c24b058bbf1234b8f847e1bc7a183a8c43e4c007823767c7ee7e8b5b248517ab1bc90c94c35a0b2fb51ef74c243a11e1c1b3b09e930d2a46f59497
-
Filesize
7KB
MD5fcbb88ca5a999ff78b69817e47399069
SHA1d7e20082ca1ff5fea5d5b8c8583745d4ce90f0d5
SHA2562de29f09e13397c51ac41d095edf4923389822883550614899e88f23cc828576
SHA5129d1802e5dc3a355278678b7794868ea01ceda3569933967408ae82fbdd4b937f112a702a05852d7591a039092873511c68e88218b8f9871128e7ad79a53455a6
-
Filesize
12KB
MD550675a7b97e21b5c8920884cb38cbd1f
SHA1495b298b6fc087ce4b096cdea7d71137553d043a
SHA256551428af98c16f1a5e43a305431ef68db2e004e16ea6dc69edbd848f6fab7291
SHA512e1fb87772f982add64dda08f275efba851a6a4a7f878ea01ce0205de21387f8d50bd2205089cc52f573587757eda4266da932919b1ccd34abb1c72ab7929793b
-
Filesize
7KB
MD5ef592b935342bb779901d299493af345
SHA1bfbaafd5b22a0c726d4eca4db5175e1379354739
SHA256a98807576295a87d483d705f06b83e9a3bdd8d0263c8ac3d80ac614fd4bfe1f4
SHA51236a3ab664ae033e2642c6bd52c37b6c5d44f4d9c73d590eed4272063f5be04c672a20db087e4669fd04f77e776ca5566a9678d51e9fe2e1498ec018e922031d9
-
Filesize
7KB
MD5ccaea1bcbc6bfb2231cb4fc3dd357c2b
SHA1961ae2b1f0220b10c339e8893ee3371dff35a8c4
SHA25660ffbaeb5d4a4f6de00ef48ba070a6894b5fd3ef586dcd761876cc2e2a3d268a
SHA51270ebfe274b36ad2c182e7c37ffb239af6fce2e8bf5f19d400fd726964a882c8db831227927f5cb9d87b0ce18c29efca85d67f96ea4025f49a0afe1679817ea69
-
Filesize
1KB
MD5f3ebb2723361edc2f6eb18be0a2726f9
SHA16f84ba324ada4176d8af5cec0ffa63f8d6b6e264
SHA256f9587e4c5d86bf2952cab061eec190c98484a1ae827904d19d37ab5e81f030d8
SHA5124b69fc79f28b5de5eb2a1ecc48fbfa730abc177ed3dabb27eb487a1faaf8c51a3d6ee862ddebd6ad2ddc13f4fb6f3786b573453a0898bddce145a8a8304471c9
-
Filesize
2KB
MD54be8c5a25447ec4720da1a997aca9779
SHA1a127a724fde8e730d54bc0a8b32d31d51af8867f
SHA256e6424cfcb183ac59e839a4b898859f43d520bec93203218dc265f0239deea567
SHA5124dcae1ca105f7c24578e7f06c164e80cac9dd34f832df8f7b18c763c72ef548a2108ba3734e4f82547d0df1489e7a8248b7d70e405156cf5a4ae8fcfaaf838eb
-
Filesize
1KB
MD56a1ef2e8abc5d00497091ea793265964
SHA12b60769b261de08141e7a21a9d9ad20b7bf707fa
SHA2561ec9ca4a0fb880e22bedd38fd531bf84ecfda8d3965d482e820875265135e876
SHA51252a678811723576da3ee4c22096e661d14718c27e1e40402caa20764da1e37705efc241f49b69e9463604c06cd7f5c5468595fb494647b721049385d15013bb1
-
Filesize
1KB
MD5cb29ae275898a0d2f66aea1a55847686
SHA1fb3990c373a0f30dc53440597d44e090c9d3234a
SHA2568d9fc2a484ceaa3e634231282b1bcdc4c20bcffeb8b00ed2bbd146dd157844ec
SHA5127dc764fe6c4b1d072fa480d0fb6d02d179329cc85acdff9efb80a6cdd722630f613ec641b8f37a893f7b1a15ca83b24c8c3798e5dda4f74b2858bde75d0fdd38
-
Filesize
1KB
MD5c04d4576560ca572c4df08534ea797a7
SHA1f2c81d5f1121e3c060e14e378de57e5e30af513d
SHA256dba7e08ecd1d57968acaeff7c18f4e80ec37c1e6c0b427a66477ba0588966f63
SHA51226e4c7c89be6f124dbfb93d4d23d9cba24b6ac598edfa39e61f4bd91e90c502c59347d21ffd35ec6075137fe462980f033bb4b9706d9c80b4845711e7b3cbc0e
-
Filesize
538B
MD5f33daf9cf41c5358861d3386076a95ce
SHA15167dee7a4fe0f8d18fca4b5aa4caddbbacef7e7
SHA25627a8bc7cf074fcf7a5ad86a2f8e4840567849fe9bf23db710a1352c6f7c64757
SHA5126758b0b44ec7eba96c01cf0ef18d44c443c9ad9fe2b53a2a4b1b9159d9ad013f2e873fbfe96b092d01631f2eeac8a7656d5f303c196bf9891ec7c8bd0a2ae883
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD574b77be427f36f87b48402e04df491e5
SHA1684a57ca871c5a3b5b7dfc25799bf46834a2b8b0
SHA256aaa3b8a06ae1052950124941e75cd230e6cab2c51ededeaa542a9e268d1c19e4
SHA5122a3009702fed7b32d900abf769f163824d3676697829f08c1d830ecd22475b64998b54d558a72e230b5852ddfc680b817a195cda072b84868c53341a16bdebf7