Analysis
-
max time kernel
576s -
max time network
577s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-08-2024 06:30
General
-
Target
https://drive.google.com/file/d/1JkCs0LFHDI5L5ANlE8TvneIEBPt6EFFK/view
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 35 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1JkCs0LFHDI5L5ANlE8TvneIEBPt6EFFK/view1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c7d46f8,0x7ffc6c7d4708,0x7ffc6c7d47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6440 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6436 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6708 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16578411635943260985,15044996198526247881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\f5dbff9007f44514a27d08f95c9afb6f /t 1740 /p 40281⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\WIN_AAE_V23.6.0.62_AP_ZNT.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59b008261dda31857d68792b46af6dd6d
SHA1e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA2569ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA51278853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
4KB
MD549b465570a4e6f5069dfdccfeb11add6
SHA1b81ec29f70032fbe9ad87c9c09563d855535c9fb
SHA2567754717c1e2d84f066810b18c1354887b1b2c63948abd87168e5ec6968c5799e
SHA512703e1f081b40f8ea362f23dec14b21bd6a469947d53566f0e6d841b6513a37aed5ded9f4e8c5cdb10fc933c9dcfd5ce86949e83bc9273f0733b8c6af6a76b9db
-
Filesize
69KB
MD524a806fccb1d271a0e884e1897f2c1bc
SHA111bde7bb9cc39a5ef1bcddfc526f3083c9f2298a
SHA256e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85
SHA51233255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae
-
Filesize
41KB
MD5ed3c7f5755bf251bd20441f4dc65f5bf
SHA13919a57831d103837e0cc158182ac10b903942c5
SHA25655cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d
SHA512c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5027a77a637cb439865b2008d68867e99
SHA1ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA2566f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA51266f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4
-
Filesize
408B
MD5659b74001d9a3c746cad260dd6762e3b
SHA110b149ea74a19eb2d19562463c5252822b3ea392
SHA25695eaeb6555fd4860729c9d3cf17778afbb8dcb9733fd8d919e44501b0cd95e37
SHA512d6ba35864097680927f14a7e83c7f755f9b5d45245feadd2ae984ea8e11b6aae8f5b64c70bd8e956e8da2b51c343668099e76af68f0e24fab9011ed5f2fbebf3
-
Filesize
3KB
MD5a9f58e780f797e50f8390c245090f4b6
SHA1359a413bf11a321082343d4631a55c33b69d9892
SHA2564a96a1821ae317c91bba0fe75e9a0b5caebfe4520398085f486e10d019e7a251
SHA5127450c5886a24420230a075866d3b682e08160d17bce65735af4a12b80068f8d9a39399b767178f261230f4da5343c1d6e2a4b6c21ebfc5c6d94ef7cc8f279fa6
-
Filesize
2KB
MD5d74f7190fd05999006d5544ddcde7f4c
SHA1a743672cc0b67c599076a24bd92f11181da4d3f9
SHA2561dff66258d9730273f0067a19359ee81ea5c5d09c05c7b71d77aeada609b2aae
SHA512450512db4879e0d4f80777172c935390986144b5db78db9e5e04967aa87d5e0d84a883852ad836a1c8d3b6e1ea2537ffcf259670c24073c46bde3e5a0fdae6fa
-
Filesize
4KB
MD540b78832bcf1594013350ea26a36845e
SHA1410fe5904d0f6060f40b45067f781905966789d8
SHA256ea6142e39cc250b49ecfebda139e8463f7580e99825562b1af2964af7d5242e9
SHA51263e8619ee6dac17b886b67265634051523095a14818d069e6f32abc4827e49371e3daefd68acf1cf183db08c84fcba54097e181aef510202bf7f49d9b6cebefd
-
Filesize
4KB
MD5280ca2017015efed97afbb108ef489ef
SHA1f55accec84e74fc6af20b9d7ba5f660357b52d9d
SHA2563353f6be2f53df3d43bb26c97e81c9b47cf0c001e9fd60ed07b6a0c4675b2054
SHA5124f4cbcf0c3d6ff0c0933ac269c9213c9f77594a3b74544831d0c85a5f9e1fe8af20410223f5dea9ecf63035a21c1abfac491518e9d9274d6ace634e78cd4245c
-
Filesize
4KB
MD52d36f85c0c8f7aa9c01b6ea56385f371
SHA1e338f97a637cf2322ec8ac5e2acdd1df8716f613
SHA2566da29d1ca4211376d486bf80edef4805661b96ba26ab78c2d2152baad5468b7b
SHA51246d93f4b66bd1504d1dc118707ee911de689dc2a435c8264c3a9d1f6749f726b8bc781824c546080a1a0eafc0edd7a41da07e91e2ec4f9a50a6003e87055c81a
-
Filesize
4KB
MD5303066bf98630f76497c628ca4834a93
SHA1185a771f6baab2e3239a92bcb5c3166fb4ba2b6e
SHA25651254d60ae01509277d598becfdcf6e2d4d70fb604d75a965522b31e4f067e34
SHA5126cec2d87e48025ee6f09bb009983be0e03a0e7dfabab5e1008af4d84001dd83b3e0d034292a8e25016ba4768756bea203ebf0fd4e2435535624a4bd3eefb52ac
-
Filesize
4KB
MD545c5264f52786c815f22735d4576746e
SHA1cc019dccf067a0cc663c11b418b452a9bc514b7d
SHA25690642686295b32d7a548b837852ea7d8820168dcfbb857aee76bf0503e21c55c
SHA512b4ce2c35a77d60e515049306b5613cc95f1af238d040ae1f12418110a92414c2ad7eebb55cfc4c9dc65355909b136fe49b521b895e50d8e91ddad7adcb1a38e7
-
Filesize
4KB
MD59f2be19a9bc1291c48f61f56cb307791
SHA1d1be70458419c8cda2f78a62e48c3846e41368a4
SHA2561c63f072649c9d28b268bb1124ae4d914b373bb73a465172209585f3c898a246
SHA512834f11fa0bcbb9f7b4110e19b7d0fb96e644521f5004e393713ef70b609881fcbc5fbe6f88bf82fe1d8d980291010415b7cb9849c0095982a6d144f245ef48a5
-
Filesize
6KB
MD51e75ddd822e9b1de82c1fbac3d180561
SHA1c0a482d195c17b78d4ea5e3ec605f5db8262f339
SHA2565fd4e7379bf22ac14f0522e94bcc46ddd6a954fca1ef90c39d1e69dd79de429b
SHA512b27a87c7e8f195a45224d6d201da739cd611370f27334995cc39b55ff643df15ec0cdf5e5fd21821b0828efedc905b5253b7ca555231366d52243a81bf5d1b47
-
Filesize
6KB
MD50676c56bd5a2244818ad28d84c22f381
SHA1d2ff0c9275a7148435617f00e4058df867a409ba
SHA256b5bc3a496f352efb4a643fe728fc5464e084924c5065ef9bfd5e4bc92a683e54
SHA512751e3a1bf76f4d9e380153abc0bb2d5f15f633f1cd79164aa6f23900f3aba86d5be93295b50fd77d90d19d6eb5176476c742a0027d7d35a52334bb659d36dc92
-
Filesize
7KB
MD5e61e501ddf6c1c228a72803e034da4bd
SHA1d4bfa1f05b13c0a1aceb414b966f765421e98561
SHA2565e8ef2ef55d5f2a0347852e61e4badb10b8232d81db186e3b623fd1320985299
SHA5126e13e5a8b9b0705f140da54447cfd3fd2c1d3d9bfc9f9f9e06d088e3ba8a3cecbd744925418551b268b8c3259f996ae9381e3343df1fc9e6c9c8e0d7ea47532a
-
Filesize
7KB
MD58696f46c243e390763939c5d9fd1b582
SHA1d9dfd9215606fc7392f28667a45dc65869bdd255
SHA2569458b3cd00d026f862a39650b47e01599f85912ba283cb10f47c65c186c9c4ba
SHA512b5e199af28da7a2c8aaa236f8a5e73a0c642aeb7ffe4a139b4bc1eb51506c039e840d59fadfa4529bf9fcf83ecfaee28e9e6b0fc2d96a7f7f6234c0febc68793
-
Filesize
8KB
MD594e4441ac70d96f4f546ebcbdcf285d5
SHA1e0d15168b12f457dab314185d0cccfbc011b2eb9
SHA25601779cbf8ba50fb20f89bc6774b30bcd2884e45573a71bf585aab2eb07a0ad22
SHA51223cb910d1d83529fa5bc8441bf84b3f787127903c148b3ceacbcc62240bdc6655a5febdd9a211cba6997735b9d861fb13ab7e69e47c0a6fe99267c815ab71269
-
Filesize
6KB
MD5be3ba75eeded5409898c96eeebfe6872
SHA1a5181435a7b39df8589afd2aadf12a5c663e38b0
SHA25658e6d3845e0eeee5464ed719e3a34d6526b13ba717a815489e68b777c326ed17
SHA5128dfbd8a58e1fe741ab82d114b5c06c633ca5fdddc375d53c597e483aed685dad6a0a35e92b652d9b77ba1e9dcd01aae5195792d33dbebf50fe243c636d8210d9
-
Filesize
1KB
MD5d141c9f704bba89a61204d3df3bf94af
SHA1e6e21a52a00cad47b806627c17ca5e5cdd1ff775
SHA256ab7c6fada6f6085ad3afc6641cc9195cacb79e241fbbb01c1758113dc7e1bdb6
SHA512a58a57ffa699041928f14b0ca6c5532e4fccdcc4f6c95cf9eb1ebfda771ba2b9b5197c1b5a2d4859c91d3373e2b9ed52dd8e2dc4800494d8d9b5334413d8eaad
-
Filesize
1KB
MD5da8c220c41dfc9883b99a72e2823e171
SHA14ab99317502fd4eb4c071050758000392f0f01f5
SHA256ca0d716c7606e3736269b62ac4c00c4a1ec4120236659580e21a8b4977f79661
SHA512ee5f9e1333703602f58c31f4f3d7302a579333ffa9b4353a288cd06df6f77da6f0f2e78c68c6fb4354dded54c16dfe219bb4f045b28995632769aa65703afdb7
-
Filesize
1KB
MD522bf07a41df480be02aa14cb445b8457
SHA181dc8f3ac767e9e8fcae45a65f9edc0cb04dd257
SHA2569a2e8f1d63381f5670017566ba2865c31db40a71e91c89d4583610b27e36d1a8
SHA5128536e1419041cde1af145b0e3e75be6ebd2ead397d00806bf56f088b9893485297a2d93c3c9082a32f277c277d6db5fa70a49b89234aac91f5d15af8d2c6839b
-
Filesize
1KB
MD588edf890ca40c39ed10a58eb22de803f
SHA13039c310814a9323ee42f6c9f485766b64915a3a
SHA2560802ee0493c31c15b8e93d12b9209847ace35cb079905de2ab4993abadc692fe
SHA51298a7c3bd0466e9b1da2fa32d345d9433102ba37844a902ebec4bcf86830e9c089d2400417ac576faf3aa2820ca339d1e3d5a3485037b0a95f3f4d0d7794fbe97
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d6bb8381cfdfceb268ee3fdd0064816a
SHA1e459c310c125458a6020471a15b2e07319dde5bd
SHA256cc0949b3eb08300bd58dbd11d97435da954abd3e1b5352d93c405b042842e5a3
SHA5126dd51af56e3868e93ca399a74ed0508282ba2c52b733613a59051a152ba9cadae857aa3dbf0b010bb3e42316b1e0faa3413ca00b0127b5e8272ee931e3bf2ca5
-
Filesize
11KB
MD5cd04578b062d3e8e269efa5428b2f6ad
SHA1e2fc2f60c8336e72c0256cedf488e61f004983d8
SHA256a743df8d5174a77517dcf7b18a8d465f6013a5662116d7310656f50130f7d86e
SHA51216dda7a18770325817518ef7e9c06a09cb1c724dcead88dece153ccd5d6c454a5d2e0f3f5ebaad755cbc2cbb46068ee5bd800494692c0207e2fb4341ee7e5cde
-
Filesize
10KB
MD5553e6f3048da1bc7eaa7ee31fa658e81
SHA17d540950054df3c371cc58237438d372b2f47ac6
SHA256e4365905833cd3adfd94692f70cdec287109f5d83d5f3dccd3997dfbc7057b75
SHA51293e603e29fdc08b023273e72a47ea96cb27054fd7f77a9d8cfa56ea272de269dab0f68ed21c421b3fb80d9c0d0c670034eb38c4fe6a31651100308904070f29f
-
Filesize
3.8MB
MD546c17c999744470b689331f41eab7df1
SHA1b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA5124b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
992KB
-
Filesize
208KB