Analysis
-
max time kernel
250s -
max time network
258s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 18:56
General
-
Target
Dan's Studio Report.png
-
Size
15KB
-
MD5
e06169482fc07f496a3e7f4396717fbe
-
SHA1
1d18535aa65e8046de3c7c1b1d48b3911f41471b
-
SHA256
03d9251e58c56b0eab7b311cc1e63adcb614996f9f4b4593e11cc7ba7f2fe9d9
-
SHA512
44ff0516efc0a4a534327d95988e2a1fcb1764f5352a05d83bc78da9a9daca8d77a9c43df781a3ce5f9e78577e41eae951ce5561d0f06c48a26d2be6ea4731eb
-
SSDEEP
384:TS+/Lvpvy4tuMFcBHVX5Xq+IZa0ACENTiPKUGI:TS+7JjtuGcB1X5aX8GwNpI
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 33 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Dan's Studio Report.png"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb99646f8,0x7ffdb9964708,0x7ffdb99647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3752 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6344 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\JJSploit_8.4.1_x64-setup (1).exe"C:\Users\Admin\Downloads\JJSploit_8.4.1_x64-setup (1).exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16509607059265764122,9972020596298607240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7204 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ResizeMove.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RestartUnpublish.gif1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4312 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault159b1aa0hce5ch4193ha455he7990de66c531⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdb99646f8,0x7ffdb9964708,0x7ffdb99647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,3730438923749856065,4651134412240540838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,3730438923749856065,4651134412240540838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,3730438923749856065,4651134412240540838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
Filesize
2KB
MD5e8c0b3db73a4706830390539f17a186a
SHA16ea26b26baa7ffad6e600f2f11f08a27f29f6526
SHA2568cf4cdebe12ee40deb93e8bc4bea7b3c3ecd1cc4327d035569c9fc7baf872286
SHA512f174f694208767a6752a6b823c2a8dffcd2287189ef5e19bbb75cb08e70ea0a9ed69cf35aa2f05a89f9b42f26b81a2f2485059af511bad5dc371319b841a7546
-
Filesize
1KB
MD540b66d7c65cf1930c4350f4e01958fc9
SHA1d12ba3a8bbf14aacf9ba0b629935aa54dba80875
SHA256ada1b12846bc91f28505722f5b349e817f6a445de25e7758f8f89aa0cb35c7ff
SHA512be8827bce2994be91e53dbacfcf0bdbe364993f3b9e53b67672b66011e9c4e255dfa682a43702dffa8f40f72678fb335dfa70bacb469a5d9c4771e07935b4abd
-
Filesize
1KB
MD517d2ce0481b986f4c57fd8f58db1a7c6
SHA115f7ca575a4ee85a819bd6ced860725d345f2161
SHA256ff65872e4cc71c78856cfb30b024f9355e94ebce30f9bb3a76e8f8afad17ec7f
SHA512a4bff671c6269da42886159e5ef5aab490ee5a91e35d5030544ff40103e9c5e49e40c08289a88683e703ed6cbf10b24c825a428269713aa960595f7175007ffd
-
Filesize
28KB
MD571d5b6b4861b0e4e5f3cbe58f0faeb61
SHA144c20382736e2899e2c0566e90662cc1c3228ba4
SHA2569a94a395bdb97b2067c5c66dc0774d6f4a6effd267bf96feda6ab6ea9fc0cc44
SHA5120bc825e3ae3bbaf0e11a404d29eacf84667d08227b42bc871eb6ce260eb091172f2d1eb251043f9c0ea7dce4eecf3c4db83547e2ab66c467371213af0dfc65db
-
Filesize
124KB
MD570aba4ad2b395f297b59e2233f80aa87
SHA1c563843e0d5fbc7c0d49dbe59d6d4509e894ac72
SHA256a0df6ffb8f2cae6042fc38d8757d5810e41915fa9836ac7391de0ddc98cfc1b7
SHA512eab0f9f677a5b188c770b750a8246675723054524cf365672c91368690ef935610c942345e4d4a2b3110d0ef84249a554175fe1369784499fbe3b0841d6ddaa6
-
Filesize
5KB
MD57d164f7fbef1501f09c8d9147eddb3a4
SHA171991d169040b5beb0908ed37284a6469a15139f
SHA256999234e7dfcfa81af472330aad081b4e69a5488fb89f61e37234dd18dd0f976a
SHA512cd8c4364ab63af6430c7fe7689cf8600572ddf80f8df7aa38abd1a0c6e9d63869f413a1394d99e8d1e68ca70ef9ac2e60ae6e83f4b3a06605df58020ebf35c2b
-
Filesize
331B
MD55a37deecb59d5dfddcf2f27f641f0f10
SHA12a081207fbbb717b94e98f6c3840c689159a2087
SHA2568647f1826d0dd197abcfdc245da95fefd8a47c5a6b5babc53eeb614a8441e11b
SHA512816c03dbed1c089f715fe5bc2a3c990ad9fea01986cf6183049975c06b0a0df9388ba9490c56d83296f98c7dd4c6f02548ae50ccc4a58a4b28a983eb04c75e0e
-
Filesize
4KB
MD58ab2e6033d124428510bbd400aed028e
SHA1e00151216016ef478967b90e39d010f508af6bed
SHA256ac3034fa34b13fb8293ec133a32c89c7b5e6ab52428ea751bf0b8f3afd29911f
SHA512577be6004ed08834291b2356c0d19743cbe2784ed1cf178cf7b900c8b290605cc33adc86a0a258f117325ba148241bb08a7a9c688b9eef8593a454d2548faa35
-
Filesize
4KB
MD51b0bc1fd30a19348c257e54f4c015959
SHA12718276c4adf9449a4d5ce0dd2c65bfe1a32b69e
SHA2565f9754a2d5b0f8a5f9e8484f4693f9963f880b08d7e66e1932a2b2a4d50fc547
SHA51259cd037a398f63b314ef4f4c3a8460a9dd0105f91e971b4eb5449a874ec451d5360f17e763956171a4a02b553c756382f4c0438dbe3aba4f7863b57161b3695e
-
Filesize
541B
MD552f6c71630d55381e5ac821193d17439
SHA17ac8c81f9110f19a9c23c4547931f4966ab7d5ff
SHA256bb7586ddcd84408048a5f8c413d20f9b1e185ac240213bd30bc870c1b7086d92
SHA512f30ddae1020ec7eedc084b22b9a5a553151697ada7d2df36bb626e0069d718c1bdf5de19eedabf22035fd9d813676c243f16537ca3d82c4f2c6648d4a3a8c61b
-
Filesize
8KB
MD55df1a14d8c863cf185843bcb435ad102
SHA1af813ba349ac3e4f343168c536d7dd22b50f0762
SHA2568bacbf9b7024414eb98c88a2378f789b4a42064cc3fdd3d4e7ef52cdab0acf1b
SHA51270318dfc64c58d0b15744db40b99116b8aa4523ecae377d297be13bef2d2b56a1e07e95f09dbd2498d59704b1898b030db9b426582b7e9379eb2517bc4828032
-
Filesize
5KB
MD598bc0b86cf5330e183626121a576caa5
SHA159a56bc05d32149c7c2aeda16cef2f91664868f3
SHA256a93780eadc001b8720f264da84cc6920d54691a41c4b15ebcc12079714c25cac
SHA51291c9e85b92640d4c557fb962494e0609710da93cc26455a629cc3b0a6bea0ee532dd36520718e10a8e19e57013b43bda6986fd62349f08352c749e313f2068b3
-
Filesize
8KB
MD54f54c3f59bf162fa1250a1595bf68158
SHA108bbf765bcdfccb2649deb731381b5707f82657b
SHA256c7b412526dbdccb581d1c7dae9fee9033bd685fdddca03357a680895206f4ba3
SHA512c26e72eecb6970c9cf26888a62a3f604f05658754571df3578dd2b901d309b956d2d82201a3133116533d03272becf7ed3d52c2eeb22c37ea0014f49c3364511
-
Filesize
6KB
MD52411f6967a404740bfadbfa78e39a391
SHA16750d6399b165fa2454ab062b9b409820bac685c
SHA2565db85fdc09e22a62d0e14ce7978b38ddc4cf344b7650333c27c914a8c06fe1f9
SHA512e2113e03ed8a4e61dca33c65ccd71672fcccb051e340668a8924a619750d06ef26522ac501401faf51f85ceb92c496fda5f9644746ec5721dd41dd608c462433
-
Filesize
9KB
MD5b9a119bd70d5d4abd7002c3a6ee269c3
SHA1ddd16f3c1cab6f630fd56aeeca8b6b3733701336
SHA25669b5bc2fd72df054c490cb91ae061415b34796bdcb1dda1664c5d0028acc6a00
SHA51237b5a73a5d682497a5aadfd5bfe150f35d7fee135b489ff5365c2dc786ccd2729e1375ec7fbc6ed0eb0504fdd81df7ccbffdf2b1e3cd661977f46f66c07f36f3
-
Filesize
184B
MD50958fa3bc2b9cf201369dc80758f7995
SHA1f12ad9040fb2d043601d341f9913362906468932
SHA256bfcb311596fd9d548200792ca48878cab8105355b009b9c55ce9f9eb57588e78
SHA5127cdc974a927fc876fcb2995be46587781c8077f6c7b676cd06b4759cd97df064aebb494db28bab0a13be1c0b3f4c6a0c43470d280354ca1f55dc452cc1cfa867
-
Filesize
347B
MD51477e89c40e05aeb0af0472475e91cf8
SHA17bd7e3ce87d8c799786ca4dfb0d0cc4afe94384a
SHA256d67c7f4bfc774b021a863fef489b393058c0f4a44fad7f7b5c96afd85c98b856
SHA512a905a8324f4439c484e69e69ed6c29749eb203bf01a4449abd93513fa4c408f7b15ae319c3fb9d79d1481dbdedc7bb5f7f28a49614db1ea038d7b9791042da34
-
Filesize
326B
MD5ca822ba2081ebb3ec6bf3f3e1a90c473
SHA10bef642c240bb83e9c904b57e00134593c03d2c8
SHA256c8302cf8c3e4459df54bdd9c295b35a3d0a4ae615d6d9acbd160ddf39288b680
SHA51219fac55cdc94aa07705a0826d03f1bf2de2bdde6dc0429e1814847329f8069c56fae07dcbe5d70536d8aae85e1604cf63261c63c0d0081ce62852fba38af0bc2
-
Filesize
1KB
MD5920d121907b07a2b705d2737adf131c5
SHA175eb8570115f4aee2268b10599ba95f0a8410191
SHA25696975d2d0f3e4fc7d36deeb97d050e15fae1e31c9ba8e00740b2a300e0ce0532
SHA512065525b0b773402a278ebdd580637b757eef6f0e938da0ebd81a6ab42cd71a9f48680a99d4c2ee30b88a9c1d9a3ce50e4ba8ef4aba5173195c21563664812cb1
-
Filesize
1KB
MD537d71426744376a77e9ece4f150f5e85
SHA1006a1e399260048569021fd98e895a6e2039bf6a
SHA256103503238b1bcd9d96820a195695b95e51ae321cae377d2f72e546f56c86377f
SHA51281ed98c8f1600eef25b6651a63647d33ea6924f84570209b01270824dbea88212fe07d675ef0a0c83ab15e56dc975e60dc7d9ad6d5f1c79d94060ab11f5b2646
-
Filesize
538B
MD53353dfff457ad3c576a90799cf5d2b3f
SHA170837fa389e6b968d2284c3c3bec9c7f32671cfd
SHA256ab448a3e97e5173c151d4e697cf2bc48d7d50f7dd1d6c680b12672e816540f49
SHA5122e4e00d71c065cee50b51cb0cbdf019863a9f8a767d1be93adb96f02ee618eba666f088630463cf6f05bc9cd949cb13e6a7e4b5b030b1e5147d324dbd37f0fcf
-
Filesize
128KB
MD5bf4a4a3e7c70f03af905b311fb324445
SHA15157d21bcf76290c44419a411f86bb382a5d59c3
SHA256a636286f4dfe7826f324b3ad761ebeac918d337c7e035aaa1f3f74008191b1fd
SHA512f9a8b0ebd9e31fa7b2d70bc14554a84c0ecae6c47e7fe74315b7cde66acde1847e39ee17c6951660c9216115215ce2d202d7f9398a23ff75ae4d210e997cbda4
-
Filesize
116KB
MD5927d307dac3abaee79f12f8e723c9d18
SHA1df3ee7578a088658ec0ed63e7f63ce1293fa131d
SHA256d8c1a1a2e651ec82f9b8f3d399df3e509ed2d6d3f49d83eb5a92de82338f652a
SHA51262372bb9f3c7557d3c5e1384f483d620bb6d5745cc9aabba4285cec4a2f8086e556e6429a3687b36d7c42cf2a215c8ee687870e1125ff2a48f2edc08789b9e82
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
11KB
MD515c7ea4c59ee9095ea60719d7558503f
SHA1c0ca4aadbd1dfc2f89b4c3fe28796b85e1f85d30
SHA2562a5cd1f5e8a48667dee7e9c37469dcf39affb71349d202a797f09b3814569fa7
SHA512fd1483968ae9c79df7aa6028cea6b6e2b9773e4479a58c3554da9c495a5012f66f90d97c8595c5cb0c23396598214248ece36a78a7858376bbd5da52f29bd5c5
-
Filesize
11KB
MD550eba8c144840b09c68ad69230c2543e
SHA1a1f832bfd666ff89a68a9908a711ba3410770f3a
SHA256fdf6ddc9b1c1a7cfc35cf3abfb777960a840f9b100a509c8d7a6addae88034fa
SHA51299f93a8bef76e6922326747001d72a903b71498560a4d5c89fa356c849be846bd2816c8ee4096051a8eeb4ab963fcb56dede711930e967842b5ebc943523a2dc
-
Filesize
11KB
MD562c8e1478ee4a5066fc256f347c808d3
SHA1ce4afb8fd0748ee25fcd3d6ab8a8a3caae023d5c
SHA25604c6544eba172b10fd93bef2f7b567e4695f33b5e275fe2aa524ab0201a6126f
SHA5124f396ccaefb3708230cca5325d1dfa0f396f8a7f2154e64e642eeca81cb956d4235e5c02aa41c474dbded6ced2b163503d73504702b2f2ff779bad2da0e09474
-
Filesize
10KB
MD54bfc1a5678ec8e170ce56f175e2d3797
SHA151fb5b5bcf1d43748ff939b53375ce3c3f21d2e5
SHA25639fc00f944a99c75a2b074d2f6e748450f8a8fc41185473df1916e72d9d3e45e
SHA512eb31b1d83537d1f20f3d68a1bb80db275fe9cd42d541cc54821a86efd3d89842432536d286f8cdb47a4f3e97f0c13066ed16a7d831fdfec449e110d6fd1ce044
-
Filesize
264KB
MD540369a57458de8da2e5a304c9c8c40ca
SHA1f79505c4b85b2bf8e3557a530781cf5d55517258
SHA25604978cb61184d50dbfebf55689bb390a35f12b041ca10d8da5085e55d4f72db4
SHA512810bd70a771f586f01e6593e6263fe4145431fccd35517cd53fe3e0d8a7cb3e89b7fdcb2b37c64dac7ea606766017524c565a95c5dc48de15df328055a84e985
-
Filesize
4B
MD5bcd79590e6cd75eae43c4ac46d81105c
SHA1e677f2ebd09a2645dfa752a4d4f2ee8482a8dfb7
SHA2561bdfbc80e31d26eb4226464e8124a5b3079d9d2e7f1b81c55ea73b0958dd8989
SHA512b3ba37e1748bcbc798560e1f661d65baa0b9b425d338d51cafc93983d335e788a0bb4990650338429aa5f0439398f933002372c7e97cbdbbaf60f3e30a4a2dbf
-
Filesize
4KB
MD5879ee74709623bc839e8203cf0b56681
SHA19e447c6cd14ce51f7df9b38d11c98267c6079259
SHA256190c47dd47992f82998a7faec500b1ba85c02568b285032d730fe9712951f2b2
SHA5127d4f152552dc538fb380ac4dbffde69328d653a54deae7778240b009ca84f0485ee01c2283def7b4f889727bc0d6447eb34150fc05fbaacebe277a2edd65bb52
-
Filesize
15KB
MD5ee68463fed225c5c98d800bdbd205598
SHA1306364af624de3028e2078c4d8c234fa497bd723
SHA256419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
SHA512b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
-
Filesize
7KB
MD5d070f3275df715bf3708beff2c6c307d
SHA193d3725801e07303e9727c4369e19fd139e69023
SHA25642dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
321B
MD5b3184a663010656f601d3a8ec014d53b
SHA1d9a1795d91a81ee8b6eaeb52d03765a9c796a74d
SHA2564bce21f882c2d66b8c036a6e06d8c45d05f9aba19679a724c91f42bd5d7d440c
SHA512e065c89d7335bba6ca8ed42d3bd0dbac1f06e55422142c5380eadbbea42f9a3f46e702ce376309a207f30c247fd71204537470a17be2426e8c2c304d698c9748
-
Filesize
6.0MB
MD56818667184b5932f3e4f554ed1075fe8
SHA159a7a5715bf48d4346eaa4a5ce93a87e15adac71
SHA256fe43c0daebace84ed84884b877150d609199c13d0ba9254d35a0d305f4f42440
SHA5124b3a900472b204134d8c9f0ca82b78390ae92557594ed65c514c79664e82fcb9f587fed8a790cee1b6497eb616c4d4dcdcbb5d19de1c6fde01223dadfbd9f665
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
