Overview

Task scores:
Static (static): 6
cvery.com/...ct.msi on windows7-x64: 3
cvery.com/...ct.msi on windows10-2004-x64: 6
cvery.com/...ct.dll on windows7-x64: 6
cvery.com/...ct.dll on windows10-2004-x64: 3
cvery.com/...en.exe on windows7-x64: 1
cvery.com/...en.exe on windows10-2004-x64: 3
cvery.com/...网.url on windows7-x64: 3
cvery.com/...网.url on windows10-2004-x64: 1
Analysis
max time kernel: 137s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-09-2024 13:33
Static task static1
Behavioral task behavioral1: Sample cvery.com/Aspose.Project.msi; Resource win7-20240903-en
Behavioral task behavioral2: Sample cvery.com/Aspose.Project.msi; Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample cvery.com/Crack/Aspose.Project.dll; Resource win7-20240903-en
Behavioral task behavioral4: Sample cvery.com/Crack/Aspose.Project.dll; Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample cvery.com/Crack/Keygen.exe; Resource win7-20240903-en
Behavioral task behavioral6: Sample cvery.com/Crack/Keygen.exe; Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample cvery.com/非常世纪资源网.url; Resource win7-20240708-en
Behavioral task behavioral8: Sample cvery.com/非常世纪资源网.url; Resource win10v2004-20240802-en
General
Target: cvery.com/Aspose.Project.msi
Size: 1.8MB
MD5: 7cb16f5b86ac83968ed2658f07197194
SHA1: 6217590f6a50a7d7153b6929b09c8c3cec155407
SHA256: 58d60a9b8531f74288acd34997ba90e366f955052dc63757a9345386c26e1e86
SHA512: 82e62edd0fefef514540bed77340b55ec3394b390f5f41f7c1b071b9fd9fcbc38b59a92c062946eef6e674e7722ac9b03be08db9ba06c78bd9a1a1f738671046
SSDEEP: 49152:1eN67Bt+EEBe3Q5IN2DXPANeMrmV/juYoXP0r:I6X3x3wIsjAsMrmtjAi
Malware Config
Signatures
-
Enumerates connected drives (3 TTPs, 46 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only); Process: msiexec.exe; ioc (in order of occurrence):
\??\K:, \??\L:, \??\U:, \??\A:, \??\Q:, \??\E:, \??\I:, \??\B:, \??\J:, \??\M:, \??\R:, \??\S:, \??\U:, \??\B:, \??\P:, \??\Y:, \??\O:, \??\S:, \??\T:, \??\Y:, \??\A:, \??\J:, \??\W:, \??\H:, \??\W:, \??\X:, \??\Z:, \??\H:, \??\I:, \??\O:, \??\V:, \??\M:, \??\V:, \??\G:, \??\N:, \??\P:, \??\Z:, \??\G:, \??\N:, \??\E:, \??\K:, \??\X:, \??\Q:, \??\R:, \??\L:, \??\T:
Loads dropped DLL (2 IoCs)
pid  Process
4912  MsiExec.exe
4912  MsiExec.exe
Event Triggered Execution: Installer Packages (2 TTPs, 1 IoCs)
pid  Process
3480  msiexec.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MsiExec.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  Process  (occurrences)
312  msedge.exe  (x2)
3740  msedge.exe  (x2)
3036  identity_helper.exe  (x2)
1416  msedge.exe  (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid  Process  (occurrences)
3740  msedge.exe  (x7)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description  pid  Process
Token: SeShutdownPrivilege  3480  msiexec.exe
Token: SeIncreaseQuotaPrivilege  3480  msiexec.exe
Token: SeSecurityPrivilege  4224  msiexec.exe
Token: SeCreateTokenPrivilege  3480  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege  3480  msiexec.exe
Token: SeLockMemoryPrivilege  3480  msiexec.exe
Token: SeIncreaseQuotaPrivilege  3480  msiexec.exe
Token: SeMachineAccountPrivilege  3480  msiexec.exe
Token: SeTcbPrivilege  3480  msiexec.exe
Token: SeSecurityPrivilege  3480  msiexec.exe
Token: SeTakeOwnershipPrivilege  3480  msiexec.exe
Token: SeLoadDriverPrivilege  3480  msiexec.exe
Token: SeSystemProfilePrivilege  3480  msiexec.exe
Token: SeSystemtimePrivilege  3480  msiexec.exe
Token: SeProfSingleProcessPrivilege  3480  msiexec.exe
Token: SeIncBasePriorityPrivilege  3480  msiexec.exe
Token: SeCreatePagefilePrivilege  3480  msiexec.exe
Token: SeCreatePermanentPrivilege  3480  msiexec.exe
Token: SeBackupPrivilege  3480  msiexec.exe
Token: SeRestorePrivilege  3480  msiexec.exe
Token: SeShutdownPrivilege  3480  msiexec.exe
Token: SeDebugPrivilege  3480  msiexec.exe
Token: SeAuditPrivilege  3480  msiexec.exe
Token: SeSystemEnvironmentPrivilege  3480  msiexec.exe
Token: SeChangeNotifyPrivilege  3480  msiexec.exe
Token: SeRemoteShutdownPrivilege  3480  msiexec.exe
Token: SeUndockPrivilege  3480  msiexec.exe
Token: SeSyncAgentPrivilege  3480  msiexec.exe
Token: SeEnableDelegationPrivilege  3480  msiexec.exe
Token: SeManageVolumePrivilege  3480  msiexec.exe
Token: SeImpersonatePrivilege  3480  msiexec.exe
Token: SeCreateGlobalPrivilege  3480  msiexec.exe
Token: SeCreateTokenPrivilege  3480  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege  3480  msiexec.exe
Token: SeLockMemoryPrivilege  3480  msiexec.exe
Token: SeIncreaseQuotaPrivilege  3480  msiexec.exe
Token: SeMachineAccountPrivilege  3480  msiexec.exe
Token: SeTcbPrivilege  3480  msiexec.exe
Token: SeSecurityPrivilege  3480  msiexec.exe
Token: SeTakeOwnershipPrivilege  3480  msiexec.exe
Token: SeLoadDriverPrivilege  3480  msiexec.exe
Token: SeSystemProfilePrivilege  3480  msiexec.exe
Token: SeSystemtimePrivilege  3480  msiexec.exe
Token: SeProfSingleProcessPrivilege  3480  msiexec.exe
Token: SeIncBasePriorityPrivilege  3480  msiexec.exe
Token: SeCreatePagefilePrivilege  3480  msiexec.exe
Token: SeCreatePermanentPrivilege  3480  msiexec.exe
Token: SeBackupPrivilege  3480  msiexec.exe
Token: SeRestorePrivilege  3480  msiexec.exe
Token: SeShutdownPrivilege  3480  msiexec.exe
Token: SeDebugPrivilege  3480  msiexec.exe
Token: SeAuditPrivilege  3480  msiexec.exe
Token: SeSystemEnvironmentPrivilege  3480  msiexec.exe
Token: SeChangeNotifyPrivilege  3480  msiexec.exe
Token: SeRemoteShutdownPrivilege  3480  msiexec.exe
Token: SeUndockPrivilege  3480  msiexec.exe
Token: SeSyncAgentPrivilege  3480  msiexec.exe
Token: SeEnableDelegationPrivilege  3480  msiexec.exe
Token: SeManageVolumePrivilege  3480  msiexec.exe
Token: SeImpersonatePrivilege  3480  msiexec.exe
Token: SeCreateGlobalPrivilege  3480  msiexec.exe
Token: SeCreateTokenPrivilege  3480  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege  3480  msiexec.exe
Token: SeLockMemoryPrivilege  3480  msiexec.exe
Suspicious use of FindShellTrayWindow (27 IoCs)
pid  Process  (occurrences)
3480  msiexec.exe  (x2)
3740  msedge.exe  (x25)
Suspicious use of SendNotifyMessage (24 IoCs)
pid  Process  (occurrences)
3740  msedge.exe  (x24)
Suspicious use of WriteProcessMemory (64 IoCs)
description  pid  Process  procid_target  (occurrences)
PID 4224 wrote to memory of 4912  4224  msiexec.exe  84  (x3)
PID 4912 wrote to memory of 3740  4912  MsiExec.exe  85  (x2)
PID 3740 wrote to memory of 2192  3740  msedge.exe  86  (x2)
PID 3740 wrote to memory of 4584  3740  msedge.exe  87  (x40)
PID 3740 wrote to memory of 312  3740  msedge.exe  88  (x2)
PID 3740 wrote to memory of 2012  3740  msedge.exe  89  (x15)
Processes (indentation shows the parent/child depth of the process tree)

C:\Windows\system32\msiexec.exe
  Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cvery.com\Aspose.Project.msi
  - Enumerates connected drives
  - Event Triggered Execution: Installer Packages
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID: 3480

C:\Windows\system32\msiexec.exe
  Command line: C:\Windows\system32\msiexec.exe /V
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 4224

    C:\Windows\syswow64\MsiExec.exe
      Command line: C:\Windows\syswow64\MsiExec.exe -Embedding D5E3D4E679E5324A0B7132F00F18CBC7 C
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      PID: 4912

        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?LinkId=9832
          - Enumerates system info in registry
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
          - Suspicious use of WriteProcessMemory
          PID: 3740

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba6e46f8,0x7ffdba6e4708,0x7ffdba6e4718
              PID: 2192

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
              PID: 4584

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
              - Suspicious behavior: EnumeratesProcesses
              PID: 312

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
              PID: 2012

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              PID: 3056

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              PID: 980

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
              PID: 3112

            C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
              PID: 4828

            C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
              - Suspicious behavior: EnumeratesProcesses
              PID: 3036

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
              PID: 2492

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
              PID: 1100

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
              PID: 3364

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
              PID: 4040

            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2371767998669561630,12371083027869648098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
              - Suspicious behavior: EnumeratesProcesses
              PID: 1416

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4692

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2936
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Filesize: 152B
MD5: e4f80e7950cbd3bb11257d2000cb885e
SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize: 339B
MD5: b53e5affb0ee13d7f93c0c081ccd5c0b
SHA1: f9830948996e0e13e418941cb895c28542f1ae18
SHA256: 6950dff413a6dfa2b96a3eec1940f7998d9d944f9039b69d6c681ccbf772d936
SHA512: 61eeaf1483fab3db8d1914c2fe465d9a366b2e2dc85fb4b85e503628a74d2c42f6261e139bb60781ac24f7be20339b953c3a60ee1f33ea904cdc8db07d5e2882

Filesize: 5KB
MD5: ad66813217bc381318572ac4356ad43a
SHA1: d83784dbb0709d7e53757e7358eab51e52ef4d59
SHA256: 92aee2821b2cbf8bb634a3c85f45839e9bd747f1dcdd854e070b1fd43078a125
SHA512: fa4fa6e1f0e5fa17adafb1873cc19285962f32dccb28542a432b724136ef1d191bc64eafa4b73307811187c55142e08d625119d93ad39f89c415ee74115d3ed2

Filesize: 6KB
MD5: ca7baf51d35a0dd22cf58d839cadf0aa
SHA1: e54cac269e029fb2897758f27a58289a9830a21b
SHA256: 5ef2502c8db31657e516befd43af9ce7394d6c5043197ad755f5a910c49709ae
SHA512: adda6569467a49bdcdfe1a25c1b45149fa99d6cd3c4934cccc4be689856eae0bd7351080d28a7416c2e34724289cc7600ce15c4538172038c27972752b4d7baf

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 9e9b8039c95bf73bf4226406dc5a49a0
SHA1: 73e1f7be7ef6328a08e8ef85f4596e7d00eaa36c
SHA256: c0dddbac6ad0b7743ba382845bf532feca222ebbfc4a35dec99f3704cee11623
SHA512: 092d054b868582517001035a08636e560b8c831850944bfac57d63253f115a2ee407c6e1db7718c61de93733bbf9707e747c7fd9c036784b3294727a898934b5

Filesize: 204KB
MD5: ccc3bcc7dba16b96fb3b62f7b1c5164e
SHA1: 465b35f14500e67b7a2b6ad01f07e740729fded8
SHA256: 124c8472f359e036755e0a4d87487ee41ac26cf78e2cc4175f88a13797d76cf8
SHA512: cdefb9870354c2d315b1226170337fff0585482eee812a7d58f41396c91e4e5eb0ff169e237c2bab0de69c651749fdbd0166d73af6b2ae97fa60e12de8b5b0f6