Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/08/2024, 00:23
General
-
Target
https://chromewebstore.google.com/detail/free-robux-generator-unli/
Malware Config
Signatures
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 5 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chromewebstore.google.com/detail/free-robux-generator-unli/1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb57d46f8,0x7ffcb57d4708,0x7ffcb57d47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6992 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\vlc-3.0.20-win64.exe"C:\Users\Admin\Downloads\vlc-3.0.20-win64.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files\VideoLAN\VLC\plugins3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\regsvr32.exe/s "C:\Program Files\VideoLAN\VLC\axvlc.dll"4⤵
- Modifies registry class
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" "C:\Program Files\VideoLAN\VLC\vlc.exe"3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1950028964838663434,2360992119230041479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
307KB
MD5d3f405c7b76b740c1ae369c9b8e878fd
SHA1d04d842e7929d67b202cfa8afd4faf3a3c4d75f5
SHA25654acaff2932473ad3f1da095e885349598c37777989c9cabea2d9a8733172954
SHA512e5af1392a8a2c68f00a1eea6bd652950d7b6be485978263bcf0e00de10a69a227f06881af855e482978d0d4a65a22193fee5f8b0c8fe4a1dab70474ef4c33948
-
Filesize
43KB
MD5446aeab4d4d305de67976af0a1b0b2ba
SHA1bfee64b6bc34c47b87ef1c1bf6e5957571055947
SHA256e3a113019592ba069a90ca7e28dba8c6ae9a646e785fbae7dc2d29765b7ff5c7
SHA512b20b8873d2684c7106f77d9d11d9a1b156efb16bb6e9651c650c109733e4dfe5edb92d3b851dafa985eb4e9820cce1b0ecc4f11b67867e43746bfec9150691bb
-
Filesize
152B
MD5d7114a6cd851f9bf56cf771c37d664a2
SHA1769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA51233bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
-
Filesize
152B
MD5719923124ee00fb57378e0ebcbe894f7
SHA1cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD51d9097f6fd8365c7ed19f621246587eb
SHA1937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3
-
Filesize
41KB
MD5ed3c7f5755bf251bd20441f4dc65f5bf
SHA13919a57831d103837e0cc158182ac10b903942c5
SHA25655cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d
SHA512c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5027a77a637cb439865b2008d68867e99
SHA1ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA2566f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA51266f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4
-
Filesize
2KB
MD5dbafb0cb413105f5a09638f91700a3dc
SHA1b6f83472d24400a8edaa189954060075f42c0b22
SHA256d25e5e370a4eac6d67fef9039a715b0da3989d91f6f72c257bd70e1d64c586a4
SHA512e8d6b091ce2b2f9c26ff928b66fdb644d2c1b23d6a71bba81b0554385f7e48aa91071ea3821f00f761a59de267b1c045f8451851e26aaa39701f770560ebfea0
-
Filesize
696B
MD5255a40c132a0616ee165bf6415f326a0
SHA15cea743097b4670633dc6c22663a319d6a26a448
SHA256743dd32f8b1f4ffb80797aa919efa59a46f3dfb42cddb31969c60096145ed86b
SHA512823cb4586593f468d181c5f9ff28b548e7dedfaa59449d2687bd3868eae75e82893011a9f62840907150f518d630b144a9222ede6edd3e1417f2f03fe59b244f
-
Filesize
3KB
MD5c230b302d9fcca39b15bd2585781223b
SHA15a946dc343e6c3861e6fc760eeec3c474518d6a6
SHA256988551832cef7b8e713e560dde6647f0723df77f3b66f744c107b23c96262d70
SHA512e351b7437b57ea3dd8a535a939b63ecbf164e8650250d6c4be2040f4fcd779bc054dbdb723f06a193601ad8f33d34424a28ffb530d260f21f850cfb57954788a
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
6KB
MD561fe30cf627986fc91a41e24477f2285
SHA10144d4d9f840ce1f1b8fa59335ee3544b08b31c7
SHA256ee1a2ea0878a0eba7d84d6415a19c79818d639571f07354bfeea8c7989d76ae3
SHA5128436dd20261aa1a37e3b21a7538cc916058514c63482cb79b324617a27d1364dde6906d99691284c4109a4dc9faff05dea2b6c4950a7926bb8eee692c82ebb65
-
Filesize
5KB
MD548410ba1f2db81c6c9410bc057078dd4
SHA15a360c11dcb817ccd4024b6c337fb4ddd6abc297
SHA256042d66005821ef1bfad362968e2586a06dd1f3a9fcac5cd9ec01ae8c519df62f
SHA512006efd23ff936ec16dc1a89b0c4c189986a5e5a0f71d826b61227045af8d45adb966f37d3abd24dd90311a3d78c45b423d6c410a7e28bce0d06ec19c52966400
-
Filesize
6KB
MD5c05fb859ed8a73cda4062fd88f52f23e
SHA1c1348d1bebfa0de4281a2bb2cfab168b87ee74e7
SHA2563bad5356a11116e339a4329ed29f13ca486df965fb084e009861663a817419fa
SHA512ca58a5443c0b89df1fa098d27c8572c2e6ead4577a4bdaebcb37ab3c576d109120b1bb6dba7ed41f60b64800a118a7e1d9d6cb4666539578c56735b8231afdec
-
Filesize
7KB
MD5a43e6ed2da54b1a0f27e7e1d8a06c2b6
SHA10dab5be1fddec951b262cfd8832e47c6ae049d3e
SHA2560f73d5620fab9b200e77fa420670ee61110f5e4af895da1096dd1e5cfbc7809a
SHA5122dbd67d8a5e9c5cb98a2c125041e07d5c1780e1d0f4c7880cae9d77f7e69b7e041cdf546436f16849dedcd6e021d13505b2285b354b838536e5921299bbb5cbf
-
Filesize
7KB
MD5658e58e26583e2dcb1dbf4071eab0679
SHA1fe9bc12135e7503025ce109ed47ad05ab107980a
SHA2560aa4ef497e0fb1e8b998dd6b8ae7407a185090b5f8c933073d00d50015a2c93e
SHA512ccbc2357bb6cbfc2f1265a9438d0a21017c9e2084cf30c4b0ffd81fcf19cdf039633ed715d17d0862f4e2723532e7c58cf66dd43f310bcd5e7d90f2fc256a199
-
Filesize
8KB
MD5011aefaab108b06b7da0e9bc68440dcd
SHA16dc00c0edcbbc1ed54b492c5cec14b22bad24eeb
SHA25697b10ad2020bb9e7d281c717c4194017b0274aa1f590531cb1f4ea2546a70a3e
SHA512c4d12e5d3672cf860e2e0f18ae113cbae3b6994659faab4cf9220da340bbf785122c4ae94a8230a202dd93d5c5a7ae224dddeee076ad594b45af0d0ddbc12b13
-
Filesize
9KB
MD5d0e7ad2a306f3d1545a9844efc1308ce
SHA188658ac38332b73d0f079c4210ca32eb6d4ad2f9
SHA2568d649dc9f58fea5a243d2918dd8b1b8e2179b2544619bf928db3451bc3ba4fca
SHA5121b564513ebd2325bf59b0467eeac0508b7a2aa1fc7a0c9f70df1d9bbbec48b3f5f837aba914fffd9575a7a37199e683d8428c4c4781dec37ccef2daf55a6668a
-
Filesize
7KB
MD5576f521e728e618a193a9c3edd8d20b4
SHA14673e64409928ac7775ccc902a82c489bf500d9f
SHA2565a0e950b447c269688916bcd87a28f012af75db38bd4ba3926a11185bf8d8b6e
SHA5128617984e8044589b5e2a5d79d0f20b4c41b711b0ba1a552abfa65375de5f3ee33062c195389b51211f331f4d2159b4ea2e7376885fd83bea2699b628f15dd492
-
Filesize
1KB
MD57d88248ec6970c590fe7d42412384c3a
SHA1c7999ab75c32a040730cd740ff2b7bd2f76187d5
SHA256a38c3e7c0a5b9a627af09132f009e43e75d15a022f51fb11c66b239580d682c7
SHA512bd7681f9897b7387f3fc44e441ee52a0e08b047c65070f63e136adecfa29c9ec0c1c2299216b9b3f4a0e25ce8ff65278cdee03b5279b280c941de680f05f5694
-
Filesize
2KB
MD5d55fcdf3df4065ee038c9d7fec748ec0
SHA160e1c5ebf16d8caa61ea0ee6d29f7d0721854737
SHA2560fb05756cf2894244ba4bc46dbc86a985218f67b19fa0b409a0f85610b19c192
SHA5127baeefd7385de1a034a4184a87911da604d14505b5319db757dd4708bb87e55b28f56c759b1f7c8bf97775c2dfc6d81a349f4759ba8d616d7f3cadd380515f1d
-
Filesize
2KB
MD5f30f3e3d8a8df61c7eaf1c11624d1864
SHA13dad12825c498c4ddda5bd2808b217e3a45e2a6a
SHA2565db40b2ba8f3f7700c1cca1eed4d10054fa2a102bca7396b6dac59f3b21cf8aa
SHA5129a35e396381976ab1b13b21382753c92081fbc6655092ab41e581b557e29435590bc4bb9e4ef45cd635ada75c929360727c3462522e2a3ace403d32d3aed9593
-
Filesize
2KB
MD500f89fd6eb998b29d0babf9b306c362b
SHA10852244493bff0340c17bd8ee3af7451df48e916
SHA256286c5a237294a519ae0aa6d9b586754d7979dc3ce491f47d0ac57144f1c7f91b
SHA512d3cd586a52f06508f890464e8a369940933a774f637e78635a904fc6c3c4b50b611cc1783e02253b085b018331a148b241ddd31622585b7401cdcffed20e308b
-
Filesize
2KB
MD5abf4e49a861d7bc113aab8d4b09761c0
SHA1c3ea24ea74d2e174f976d450892011b67a32c3e1
SHA2569976850f114231f9215a9aa6b95cc73354d47680fa38318a8da4a2ec9177c8fa
SHA51201bdd1517b7f56cb408a57c94dccf79f3f878f7d41c9965c80042bee9cc8b1fd26b126a83918522ca9e381b3e9a548a1a255bb50023f7daba7db579d17bf0c16
-
Filesize
701B
MD54d827fe886a63a8721786de75fcec8f1
SHA1cfc656ecc441180938522b15ece6b854cb46950a
SHA2567304fd2e02ace9e01a54605ec499794d792525897f71c852b803a48ad67d1ba3
SHA5120576c0d9d6aa5cf7f605055835db29019ad066bfb7edccfae4a8d043c530270e3e2063a8726d1ae02e451007c3a0d29014e6f0743443a90b9e05131cfdb7b991
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53f9979a74f4ae08299fbe3c72933185e
SHA161700e9ca32a24b8cda7213c4b38c5707af8f3d8
SHA256593ca75022d3df347c54798dfaea04ccf161eb7706b3d3604728e908507c1884
SHA5125cffe9ba7214fce2fc982628896850e2c1fd0d20d88fd137fda130425fb34606d5e156f8b09fd51072e61e7c9f87164bbe986cfaa613753b4bba01444aa7e328
-
Filesize
11KB
MD55559a61f67687d3fdb55dddda1b10b1f
SHA1dee801fdd2820190b7b9d71dafd7397da3ddd963
SHA256c0ecec7be0f8c1556d341da3f586e31c3f0642f17dd21c6c8ea6572c84106988
SHA512fcf588b29f585a60da20155001b627479464307cfbdcd5b4cf05ce64168efba52b32f02a0d0b1ebb10951895a12cec4768ed6c25a2a902dc87a6d8ffa99cc1a5
-
Filesize
11KB
MD57630a21ffc21a453092e8a6a208bb840
SHA1d6279911fd2279a7c35f8f9ec6bf7268acea45e2
SHA256b1381b0401db4eacbed3794c7bf4e4a9826227dd44e5e75a581178f31b05e32a
SHA5121eb861e8a68b2c72a18a8bb451459c0402814dfa2e4760d002d940e5a3264852d16d9bd20e29a367d0ed01709862d11cba051c3c72ac3546e8fda76368c7f056
-
Filesize
7KB
MD520850d4d5416fbfd6a02e8a120f360fc
SHA1ac34f3a34aaa4a21efd6a32bc93102639170e219
SHA256860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61
SHA512c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276
-
Filesize
26KB
MD54f25d99bf1375fe5e61b037b2616695d
SHA1958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA51296a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130
-
Filesize
12KB
MD52029c44871670eec937d1a8c1e9faa21
SHA1e8d53b9e8bc475cc274d80d3836b526d8dd2747a
SHA256a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2
SHA5126f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7
-
Filesize
10KB
MD5dcaaa39e47a9144ae10ee67b3183f4e1
SHA12af87fcebff57411e929dd2fce767e9a1e4d98e1
SHA256da30c0f57a8a412bdc0fca182702f568bd91007475d1823464658fa523a4af9f
SHA512d56997d74d841d01c62b7db4150729f395b57d065a1182249483640f80720fb6dc7a457cc3a23367982f92f85e9274507d6157f698a2e22ea11266866fb1bc2c
-
Filesize
35KB
MD5764371d831841fe57172aa830d22149d
SHA1680e20e9b98077dea32b083b5c746d8de35e0584
SHA25693df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded
SHA51219076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9
-
Filesize
42.4MB
MD53d63e3a94c39a18f4da866b896b41e80
SHA1c9520268936bfa6d060c8603cdee753db214d0ce
SHA256d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
SHA5129dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a
-
Filesize
164KB
-
Filesize
208KB
-
Filesize
2.7MB
-
Filesize
96KB
-
Filesize
2.7MB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
208KB
-
Filesize
992KB
-
Filesize
92KB
-
Filesize
412KB
-
Filesize
68KB
-
Filesize
208KB
-
Filesize
16.7MB
-
Filesize
992KB
-
Filesize
516KB
-
Filesize
44KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
56KB
-
Filesize
44KB