Analysis
max time kernel: 116s
max time network: 119s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/09/2024, 17:34
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
http://I̴͇͇̣̒̄̄̅̐͜͠ͅ ̶̳̈́͋̂̄̂̈͂̈́͝k̷̖̰̳̮͗͒̈͝n̸͙͍̙͍͖̳̻̟͐̌o̶͈̖̞̰̳̮̺̼̺̍̈́̎͝w̶̖̹̮̺͙̘̺̅͋ ̸̢̨͉̦͕͉̝̳̍ŵ̷̡̛̼̜̭͓̹̯̱̄̅̎̈́̊ͅĥ̶̦̩͇͎͎͔̫͗e̴̡̧͕̞̤͇̭͆̎̎̽͒̉̉͘͝͝r̴̻̣̒̊è̴̡̙͔̻͇̗͐̋́͜͝ͅ ̴̲̭̗̉̄̓̒̀̀̅ȳ̸͈͈̪̈́͐͆́̚ͅo̴͔͙̗͖̙͚͋͊͗̒̇̏ǔ̵̯̞̫͈̾́̀́ ̷̢̛̰̌̈̆͗͆̽̀͝l̵͓̓̈́͊̍i̴̙̰̯̟͇̫̯̙̙͐̈́́͂̉̚v̴̢͖͖͍̲̞̅̆͑̑̆̋͑͌̐͊ē̷̛̞̝͐̑͐͑͌̍̕ https://www.yyyyyyy.info/
Resource
win10v2004-20240802-en
General
Target
http://I̴͇͇̣̒̄̄̅̐͜͠ͅ ̶̳̈́͋̂̄̂̈͂̈́͝k̷̖̰̳̮͗͒̈͝n̸͙͍̙͍͖̳̻̟͐̌o̶͈̖̞̰̳̮̺̼̺̍̈́̎͝w̶̖̹̮̺͙̘̺̅͋ ̸̢̨͉̦͕͉̝̳̍ŵ̷̡̛̼̜̭͓̹̯̱̄̅̎̈́̊ͅĥ̶̦̩͇͎͎͔̫͗e̴̡̧͕̞̤͇̭͆̎̎̽͒̉̉͘͝͝r̴̻̣̒̊è̴̡̙͔̻͇̗͐̋́͜͝ͅ ̴̲̭̗̉̄̓̒̀̀̅ȳ̸͈͈̪̈́͐͆́̚ͅo̴͔͙̗͖̙͚͋͊͗̒̇̏ǔ̵̯̞̫͈̾́̀́ ̷̢̛̰̌̈̆͗͆̽̀͝l̵͓̓̈́͊̍i̴̙̰̯̟͇̫̯̙̙͐̈́́͂̉̚v̴̢͖͖͍̲̞̅̆͑̑̆̋͑͌̐͊ē̷̛̞̝͐̑͐͑͌̍̕ https://www.yyyyyyy.info/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | Process
  384  | msedge.exe
  384  | msedge.exe
  3060 | msedge.exe
  3060 | msedge.exe
  1864 | identity_helper.exe
  1864 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  pid  | Process
  3060 | msedge.exe   (all 15 entries are this row)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                       | pid  | Process
  Token: 33                         | 2144 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 2144 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  3060 | msedge.exe   (all 25 entries are this row)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  3060 | msedge.exe   (all 24 entries are this row)

Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 entries repeat the following four distinct rows:
  description                      | pid  | Process    | procid_target
  PID 3060 wrote to memory of 1060 | 3060 | msedge.exe | 83
  PID 3060 wrote to memory of 1148 | 3060 | msedge.exe | 84
  PID 3060 wrote to memory of 384  | 3060 | msedge.exe | 85
  PID 3060 wrote to memory of 2964 | 3060 | msedge.exe | 86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3060)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://I̴͇͇̣̒̄̄̅̐͜͠ͅ ̶̳̈́͋̂̄̂̈͂̈́͝k̷̖̰̳̮͗͒̈͝n̸͙͍̙͍͖̳̻̟͐̌o̶͈̖̞̰̳̮̺̼̺̍̈́̎͝w̶̖̹̮̺͙̘̺̅͋ ̸̢̨͉̦͕͉̝̳̍ŵ̷̡̛̼̜̭͓̹̯̱̄̅̎̈́̊ͅĥ̶̦̩͇͎͎͔̫͗e̴̡̧͕̞̤͇̭͆̎̎̽͒̉̉͘͝͝r̴̻̣̒̊è̴̡̙͔̻͇̗͐̋́͜͝ͅ ̴̲̭̗̉̄̓̒̀̀̅ȳ̸͈͈̪̈́͐͆́̚ͅo̴͔͙̗͖̙͚͋͊͗̒̇̏ǔ̵̯̞̫͈̾́̀́ ̷̢̛̰̌̈̆͗͆̽̀͝l̵͓̓̈́͊̍i̴̙̰̯̟͇̫̯̙̙͐̈́́͂̉̚v̴̢͖͖͍̲̞̅̆͑̑̆̋͑͌̐͊ē̷̛̞̝͐̑͐͑͌̍̕ https://www.yyyyyyy.info/
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 /prefetch:8

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 /prefetch:8

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10586393850653144591,16761956306817079340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 728)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4012)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE (PID 2144)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4f0 0x3cc
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads