Analysis

max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/09/2024, 09:24

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/LiveSplit/LiveSplit/releases/download/1.8.29/LiveSplit_1.8.29.zip
Resource: win10v2004-20240802-en

General

Target: https://github.com/LiveSplit/LiveSplit/releases/download/1.8.29/LiveSplit_1.8.29.zip
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow | ioc
40 | raw.githubusercontent.com
41 | raw.githubusercontent.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Internet Explorer settings (1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\LiveSplit.exe = "11000" | LiveSplit.Register.exe
Modifies registry class (19 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lss | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lsl | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\shell\open | LiveSplit.Register.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\LiveSplit_1.8.29\\Resources\\LayoutFile.ico" | LiveSplit.Register.exe
Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | msedge.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.lss\ = "LiveSplit.SplitsFile" | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\shell\open | LiveSplit.Register.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\LiveSplit_1.8.29\\Resources\\SplitsFile.ico" | LiveSplit.Register.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.lsl\ = "LiveSplit.LayoutFile" | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\DefaultIcon | LiveSplit.Register.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\LiveSplit_1.8.29\\LiveSplit.exe\" -s \"%1\"" | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\shell | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\shell\open\command | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.SplitsFile\DefaultIcon | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\shell | LiveSplit.Register.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\shell\open\command | LiveSplit.Register.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LiveSplit.LayoutFile\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\LiveSplit_1.8.29\\LiveSplit.exe\" -l \"%1\"" | LiveSplit.Register.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid | Process | occurrences
3276 | msedge.exe | 2
4884 | msedge.exe | 2
4940 | identity_helper.exe | 2
1696 | msedge.exe | 2
3396 | LiveSplit.exe | 2
5328 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | Process | occurrences
4884 | msedge.exe | 9
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 3396 | LiveSplit.exe
Suspicious use of FindShellTrayWindow (37 IoCs)
pid | Process | occurrences
4884 | msedge.exe | 36
3396 | LiveSplit.exe | 1
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | occurrences
4884 | msedge.exe | 24
Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
3396 | LiveSplit.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 4884 wrote to memory of 4092 | 4884 | msedge.exe | 85 | 2
PID 4884 wrote to memory of 3988 | 4884 | msedge.exe | 86 | 40
PID 4884 wrote to memory of 3276 | 4884 | msedge.exe | 87 | 2
PID 4884 wrote to memory of 3304 | 4884 | msedge.exe | 88 | 20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4884)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/LiveSplit/LiveSplit/releases/download/1.8.29/LiveSplit_1.8.29.zip
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3dd746f8,0x7fff3dd74708,0x7fff3dd74718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4204)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5208 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5712 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15909909872455735802,2711971759993369841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5924 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4720)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2024)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe (PID 3428)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\LiveSplit_1.8.29\LiveSplit.exe (PID 3396)
  Command line: "C:\Users\Admin\Downloads\LiveSplit_1.8.29\LiveSplit.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\LiveSplit_1.8.29\LiveSplit.Register.exe (PID 1464)
    Command line: "C:\Users\Admin\Downloads\LiveSplit_1.8.29\LiveSplit.Register.exe"
    - Modifies Internet Explorer settings
    - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: eeaa8087eba2f63f31e599f6a7b46ef4
SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Filesize: 152B
MD5: b9569e123772ae290f9bac07e0d31748
SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Filesize: 265B
MD5: f5cd008cf465804d0e6f39a8d81f9a2d
SHA1: 6b2907356472ed4a719e5675cc08969f30adc855
SHA256: fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512: dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Filesize: 6KB
MD5: 172b4cf3ffadfc5b4457b740353ca435
SHA1: c3e76ec18d9801526d8aac911bea9ef65638e5d7
SHA256: 5f38dfc6c37c06865c7fa63ceda8e5445b6f2e7b18be418eb18115bec7bf629f
SHA512: db2a4bc3ead81d28d0f6f9bbb62032efb8d39fd3ea0ee44ab28fe0ce72f9b4394e6401f399953b9bf342be50674e5ef8167ea6e9468572c0bb4cd5c321dd13ea

Filesize: 6KB
MD5: 8f460c09680408c89f96627ba962345b
SHA1: 0903120e5f8ccfb898c46529f3bc066d41e1a1c1
SHA256: 0bbfe7e049975a5310b41f670bfa2febc39678a721e6eaf39744c2ab43bca8ae
SHA512: ec5b73d8d093a11b7cddf590d4a071ea76511880a6ad3dbbb22fe0469a70f9c3a8fd90842defb834c3a9bbae22f2d442f6157bb4fc1ca39540699f3f8977daab

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 7eefd8886db98a3e292de0504e2f42a1
SHA1: b659d6a251651a6e462f000a3bbd4676aa90e74b
SHA256: 86bddc920ee97f56f69c9e85ade803aadb66a227fe73b0f58e21e051d63c77ab
SHA512: 7da76c1aa324934360f849f4311483b167d7749bfb90c6cbb73e0151315dd85b198c3d8718f0fae5af34795bb2fc0ae12a6eb7c121ce8783f5e19a9faf67a4fd

Filesize: 10KB
MD5: 4ffbf76b91b10e5fbd886a46bf7dc941
SHA1: fd862fdecd3f7379e3df3f05c6751d233e2f6048
SHA256: 818bd9a3f4a52fcedeea858dc87a33010bd514f4ccf1823c8a02551500666838
SHA512: 4eae9aee61cfe5c5f1f9da1381f2ca35dcca50cd073c3050af205f86cb6e78900228678266192749c7ee0d0a14023a10639b517393cf7c6924f3f39971ed0cfb

Filesize: 13.1MB
MD5: ba85a4b1ae38f5e2187cef79067706cd
SHA1: 36a4cd6cd94509e305762290f06701608116e368
SHA256: 36cceb90271638ac195a7d09b5d820fa7f5b7db6682cf7857905e393ee2bb347
SHA512: f26be5c0c9e1816aa860cc2bad0368474b986a85c92dc7d77283cdddd13fb40baca78371fa1fbfe7719fdc5a1fffb773189f35889691c71a89ff585cbefc9fbd