Resubmissions
01-11-2024 12:33
241101-pradyaypdv 1027-10-2024 23:08
241027-24hmasskhj 1020-10-2024 16:28
241020-tyzdvsxgqb 320-10-2024 16:26
241020-tx2gtszekk 302-10-2024 11:53
241002-n2j6fsycqb 313-09-2024 04:59
240913-fmwxpswcpb 311-09-2024 15:54
240911-tcmg6sygmm 311-09-2024 15:53
240911-tbsmsszbnh 1025-08-2024 22:53
240825-2t6als1gll 10Analysis
-
max time kernel
255s -
max time network
256s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11-09-2024 15:54
Static task
static1
Behavioral task
behavioral1
Sample
dl2.exe
Resource
win10v2004-20240802-en
General
-
Target
dl2.exe
-
Size
849KB
-
MD5
c2055b7fbaa041d9f68b9d5df9b45edd
-
SHA1
e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
-
SHA256
342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
-
SHA512
18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
-
SSDEEP
12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings taskmgr.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{87A43BC1-F10B-45C5-AD3A-D291A1E2A85C} msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2968 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe -
Suspicious use of AdjustPrivilegeToken 14 IoCs
description pid Process Token: SeDebugPrivilege 2968 taskmgr.exe Token: SeSystemProfilePrivilege 2968 taskmgr.exe Token: SeCreateGlobalPrivilege 2968 taskmgr.exe Token: SeSecurityPrivilege 2968 taskmgr.exe Token: SeTakeOwnershipPrivilege 2968 taskmgr.exe Token: SeSecurityPrivilege 2968 taskmgr.exe Token: SeTakeOwnershipPrivilege 2968 taskmgr.exe Token: SeSecurityPrivilege 2968 taskmgr.exe Token: SeTakeOwnershipPrivilege 2968 taskmgr.exe Token: SeBackupPrivilege 4316 svchost.exe Token: SeRestorePrivilege 4316 svchost.exe Token: SeSecurityPrivilege 4316 svchost.exe Token: SeTakeOwnershipPrivilege 4316 svchost.exe Token: 35 4316 svchost.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe 2968 taskmgr.exe -
Suspicious use of SetWindowsHookEx 30 IoCs
pid Process 820 dl2.exe 2420 dl2.exe 3548 dl2.exe 1668 dl2.exe 4376 dl2.exe 5056 dl2.exe 3496 dl2.exe 4528 dl2.exe 916 dl2.exe 4800 dl2.exe 2104 dl2.exe 2132 dl2.exe 2320 dl2.exe 4912 dl2.exe 4412 dl2.exe 4724 dl2.exe 3272 dl2.exe 4264 dl2.exe 3464 dl2.exe 3476 dl2.exe 2988 dl2.exe 3232 dl2.exe 1360 dl2.exe 3760 dl2.exe 1200 dl2.exe 5032 dl2.exe 1724 dl2.exe 1284 dl2.exe 1832 dl2.exe 2468 dl2.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 432 wrote to memory of 4376 432 msedge.exe 132 PID 432 wrote to memory of 4376 432 msedge.exe 132 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 3812 432 msedge.exe 133 PID 432 wrote to memory of 1004 432 msedge.exe 134 PID 432 wrote to memory of 1004 432 msedge.exe 134 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135 PID 432 wrote to memory of 2276 432 msedge.exe 135
Processes
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:820
-
C:\Users\Admin\AppData\Local\Temp\dl2.exeC:\Users\Admin\AppData\Local\Temp\dl2.exe {D0DAE1A0-A8AA-4DD7-AAB2-26A4E6B2A51A}1⤵
- Suspicious use of SetWindowsHookEx
PID:2420
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2968
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4324
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4316
-
C:\Windows\System32\-ue4vv.exe"C:\Windows\System32\-ue4vv.exe"1⤵PID:2860
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3548
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1668
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4376
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:5056
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3496
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4528
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:916
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4800
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2104
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2132
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2320
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4912
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4412
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4724
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3272
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4264
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3476
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3464
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2988
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3232
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1360
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1724
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1200
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:5032
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3760
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1284
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1832
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=dl2.exe Magnifier MFC Application"1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:432 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa0d3446f8,0x7ffa0d344708,0x7ffa0d3447182⤵PID:4376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵PID:3812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵PID:1004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:82⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵PID:3340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:82⤵PID:3940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:82⤵PID:1372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵PID:1012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵PID:5112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵PID:4632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:12⤵PID:3644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:12⤵PID:4644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 /prefetch:82⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5088 /prefetch:82⤵
- Modifies registry class
PID:2844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1200863539451094593,4866994266436463364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:12⤵PID:1652
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4964
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2872
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5f8461423804a68324993bfd4396bc088
SHA19a7b35156974172a8a921020d347434ffd8a5c9e
SHA256d6ff88bcb1bc48c0e6738f3a42f4a70f113402d280a44168af8a6dc268d0e09c
SHA5123ce69ebd917c5bf453dcffcd6506191a9ae094e85e497a3ce71154c61b9cdab5d3d158710e5bcb99987ddc159d2249380046a3f67f237ff2b3d8f66db5927b98
-
Filesize
743B
MD5dd9eeb0c5bb1f159d46bb4dc7c40537d
SHA169b6acbe8b6fc5a3509423059a24a75c14ad333d
SHA256c3e5d6d83be3695bbbdf4c344f9982735e7a1f12e4346debbf7ef424cb897415
SHA512c129918499a891c35fa05b4f9f73ea1c93db5e22f05698b331b6a5d03cc6676a449edb6bcf4a316139ae26ee9d54e8fc85d459dcab5f6622ffc3defc46822dfb
-
Filesize
5KB
MD508f47aec46058e3527b20d86f22880f0
SHA1d8fc80f8c6115b9e97c82c6537059587132481a0
SHA256e937d9fe109f070d176160bbd839020cf8af83dc41f8065c7d7578f7adf09d17
SHA51220947bee9a082f7699689c126e039d56100fe132769c67736b6ba6e074c8fc0ab9d042fa0d4461a76f6e376feae60d8e5df15512c2691b2e85b8465e5ce0cc42
-
Filesize
6KB
MD5abe3d50806a0b250add430c2ad0a277a
SHA1a5b05eb339dc5258aea6d610d89d29b80ae1c266
SHA256732de6bd0ce5e3bdfff95838b42d03ed663b574b3c8e47ae3ddf20efce8f8174
SHA512c8b1729219c101353ae985901d536aa95217711f599b246cc90ab106f5e899751c564b8816dda35c157dcb3e9f8d7dedd1dec65971cbce6d3da7705824d40a81
-
Filesize
6KB
MD5569ffadbca559857008fedc54e06b2e6
SHA116f450cc43bdedaa1d5dc87e0bad3350e94c9c94
SHA2562e9b4ccc8b882bc79760c10ab1fa901088c20d0fab2e08c125dde39aadb0ae37
SHA51248cce018aed71c849e02aeccc84a9967470c4c9c4294819bf651fc548172eb4617548ed2b4d6e81729c8400c02be5d689c46fe9cdf06203ff73edc7e8ecc76e1
-
Filesize
6KB
MD506453fbc67d6f1cf2151f6dced056452
SHA1fd22b37602e67776ad86aaafa140fc4cf75df906
SHA2564d880282d36c23cb4929c7920ed282fa223aaf9f4edde5f1b597cbcad62e833e
SHA5125c74f8abf714dc85cb98ba4127bb61554b2cf924faeace5438db64665d50ec0835cb11b82be3593ecde070b64438a8746cd498f0a800a41616f84da9fd464d30
-
Filesize
538B
MD57fd3cc592667ec97c8c67669d329c45f
SHA16248b730e7ddc62eb3fe1230b40fd59868dc2e65
SHA25630e5d01e7e94c1f18e7f7bd4faea93f36611ef8d54990eb93c89bdf730698675
SHA512baca086a8168cc08da7eb174a3aafea0550a139dd26bd074d2886c03834b8a9e7705a8578c4d1b2fde5911265da0d6757d7b8bc856684e6f6305971b382ca2f2
-
Filesize
371B
MD51398f42cce16591f5522050b728a54c8
SHA1236c79f1cd82317bbb41c1b2c255aa483d259fa4
SHA25642244b8aed455f808d32628114b5992ccb5dab1d2418a572b0c7bcda2d1cf20e
SHA512c470dd6d0015e528edd891b1412a4226288cbdc504dfaca7b65db2e483f657c3a121a1883c765f4acb5afea71df498af9775b5e9bf07303dbf54702663328722
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD537e19c2c2d1bf0abceb0ffecb489e3a9
SHA12a084f557bd14aed27127acc5c918e8766e31e3a
SHA25623839c85e3cdedfba812ef98a10a21785087d8b5d5627c7de31361acf7dd8539
SHA5120cb1b7e0de01bcd75cbee9fd77ec123a46827cefa212b60eadf196fe42d64d82ae84add762615a9ce71b1ea412c7ed5a03ba3471b2eb1b9607405e0661a27816
-
Filesize
8KB
MD59a30ca8c1450f6b530b83318eeca0ee0
SHA1d3a4bf5e21872159214f91ec980d00a8a8385b6a
SHA256d7d743598b6dd164f5c71bfe9c5b44e11f753a1808237b78741a8c03b5925049
SHA5121ea90efa67bab0cce43a4c934ed8651916e4dcb393304f056c27f2d7b62f220b964a35e73b142a9c874cc93e867d76e8f71d65789f3afbccf3e5aa01272821ae