hxxps://www[.]mediafire[.]com/file/go0d2s1phvtbw94/Element3D2[.]2[.]3[.]2192[.]zip/file

Resubmissions

29/09/2024, 15:24

240929-ss6ejssgqe 7

29/09/2024, 15:07

240929-shjg2asdqe 7

29/09/2024, 14:58

240929-scamyasbrh 7

Analysis

max time kernel
1221s
max time network
1219s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/go0d2s1phvtbw94/Element3D2.2.3.2192.zip/file

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Video Copilot Element 3D v2.2.3.2192.exe

Executes dropped EXE 2 IoCs

pid	Process
1208	Video Copilot Element 3D v2.2.3.2192.exe
2880	Video Copilot Element 3D v2.2.3.2192.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
1556	msedge.exe
1556	msedge.exe
5760	identity_helper.exe
5760	identity_helper.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4688	7zG.exe
Token: 35	4688	7zG.exe
Token: SeSecurityPrivilege	4688	7zG.exe
Token: SeSecurityPrivilege	4688	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2880	Video Copilot Element 3D v2.2.3.2192.exe
2880	Video Copilot Element 3D v2.2.3.2192.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1708	1556	msedge.exe	84
PID 1556 wrote to memory of 1708	1556	msedge.exe	84
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 440	1556	msedge.exe	85
PID 1556 wrote to memory of 2164	1556	msedge.exe	86
PID 1556 wrote to memory of 2164	1556	msedge.exe	86
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87
PID 1556 wrote to memory of 1908	1556	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/go0d2s1phvtbw94/Element3D2.2.3.2192.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaae9546f8,0x7ffaae954708,0x7ffaae954718
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8100 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7017279042027999464,2545648934514036715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6064

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Element3D2.2.3.2192\" -spe -an -ai#7zMap2128:100:7zEvent20308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4688

C:\Users\Admin\Downloads\Element3D2.2.3.2192\Element 3D 2.2.3.2192\Video Copilot Element 3D v2.2.3.2192.exe
"C:\Users\Admin\Downloads\Element3D2.2.3.2192\Element 3D 2.2.3.2192\Video Copilot Element 3D v2.2.3.2192.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:1208
- C:\Users\Admin\Downloads\Element3D2.2.3.2192\Element 3D 2.2.3.2192\Video Copilot Element 3D v2.2.3.2192.exe
  "C:\Users\Admin\Downloads\Element3D2.2.3.2192\Element 3D 2.2.3.2192\Video Copilot Element 3D v2.2.3.2192.exe" /UAC
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
85458a939422b92c60b67687ec87343d

SHA1
1abfbf96543cca4c1d3586764ae96142368a811d

SHA256
6b77570c4a132146feb07e7a1a59e2e505d57a92de3929a0415b4eea22d8fdfb

SHA512
f59e0fa3db8af79f3f431b07439f6ac2743c0d31c6791bd1acb14da01b000f5c585d631f7c03a0a288a0f5d91043adc72c44716c29cefce8ac3dc2b0c42cd0ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
bee8a4ee572d99ac1210f4b7f8973d7d

SHA1
1030082d5f5d9e4c6d349ebb551b62df8bfd12d8

SHA256
ccfb0d77596d59abc1b27d3da2e0686c2e75644ecdad054ad833034b31299107

SHA512
c2f3b1c15facb51d0c2ef97d4956479a757775fad1fef2946489f34b4b82752a6b0db758cf29365e0b34b372652df58460d5a8375e0f15da983f2c8709a1ad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9021e73a510d34bfad4c3fdaf1fb2e20

SHA1
c23bb003c5ee051320b6d1d10e484748510a6ed1

SHA256
0933dcf6287d6e227d52feb8c7062d3eef23a9640b656d404c494c6279cd7155

SHA512
8e21cc7f38831fbc8037bd2c4b0c0a3263f055b3c473ea1176a030d029b5d860e67752e31f452a597179c1f594746e28bf1ce01d894f34211887f61f2c5d38e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
40eecc1b6f20a37a3b26f23f32194d7c

SHA1
fb3cf95ae32c54e906069ed65d5c2265eba7c981

SHA256
87fa9e38f3dd521d2dfe49fcca4e97c1e13b6e634e7370fc7f29a17b2b02536e

SHA512
809fc9f1d619fee8af85137f159b8f1ab7c1c913cc4fdc4cee84ba8b9258abc4dc10004960478f34cd04f3c67319dc87230a5589c381743b1f582ba0b0ba2a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
acf7a4d02961d32116ba4500b532529d

SHA1
3a93ef8e1776910ce1266c23709cd72a21a3a818

SHA256
6416855da7e3eeaac17e45b798eb79ca15bf7ea3bdb34d5c9995874529cfdf12

SHA512
ba62ea2d1637dd823055b6c3a60272d6b1a8145abc1894ad0c6267b0c8bcb402b3b506fa8bf19f35af39db8a93741416a3548285c4c07c78f254fc532785df35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3480a405009dbf3bb3ed4500bec5995c

SHA1
6497be5fe2cf7f81333bf56a11d84877922bee8a

SHA256
bcb3b4f6f50c88e627b26fe7ce602eeafc6cbd32743c8895076011c2044c64a0

SHA512
c7e63198fe811e529c2dde91e2f5ce9cb49b98a18df28d2bdd80c61fbd8a25e5299011319ad2f221a6be31d165a537f99a0a178699433a7a4f01168223813323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64ff1a3b2a1295c47c6590b040c78f6b

SHA1
df5223ab120f015d1bf10a72d3d0e5515b62eb9f

SHA256
bb478e299fa6826037c9de601ea23fc32ffd4ca59fb79f934cb164dc84f04474

SHA512
0e97acb8f27f9ec6282df0ee036faf973c6a4a8bc01be715aabde7aca7899919c2a7cf5977754a79d9011446e96fa84c7736a199dca525a833afbc1c0979996b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d4e2d442fd366b94a25bde167dbadfe7

SHA1
2ce80e8a7e26526194e93c5e9c8aa98b9b022f08

SHA256
a32cc597acb33920357c9551bf0017320927ce34387c159dd7599d942824cc0c

SHA512
1b6d53ea355b6532854774b27967e158363b9730d2be5cb338250a6b5023d65bff71452665b5da56a584f1c3801478a76756847ec2af1998eac94251f8c713d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582323.TMP

Filesize
538B

MD5
1038540675c541c52675f484578e990e

SHA1
90a616221ccd61be8d5226fa8fe596df4ea86a0b

SHA256
6315715636a5d33fbab3156ac5b1e36ea17fa8941824e781dc8118f31a6b729b

SHA512
11da731c8a1337729a39662417806bc61da95691eed541196b193f5cdab199bcf126d7f81c86c7b3d84b68eb164a3ce8141b0aa24461debc95c3f8e1f33d86ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efcba844a65cc0adf93592b4db805ff8

SHA1
2150149b59c4bc7e7e8a9c5590230ab91fcdfc0f

SHA256
cc4adac26906284a928ebaab35c1eacc1b69f482e2d3961e0ad1a84b1d6ce40b

SHA512
5fa626f3d0b16cba13532870dedae021f185f79d09f315563374e1a43fbec3b4a8655dfe07e5d0891aa61c1ea87a6207eb55953ef9be7138cfc0af7f03615059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fdf9425c56e036c1ba0e5242faf7a675

SHA1
3657f1fd7e6acfc04c0e604447c71145cc871d2d

SHA256
7cd16339e5670ad409fcc0abe2e85b93d074aa245b7055cc53e80a2f91ba4d6f

SHA512
b755d6d5ab844f73f3d50509f4dc9b036b2db353243505c1dfbfe277743a741c2a6bfd5b9cec774ff067d980f90e87eefa70a0f9cfb1889fa373b2b57b82464a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b4bf9fa916b93ec61c42e530107f3bd

SHA1
de11a262cb09205afdc50d783e34582aabd0d794

SHA256
8ed5863a8b85a9c9742a7e719a04c9cdcbf24af27198cf19d311600f147385e8

SHA512
ea1689beb9c579aecf68ac493a4113fac880f96b2e40a4eb4a573cbe3d5a877fca8229894b7e6dc8dfc5ace0de0b56c8f7f63f6800c68c38419a1f6338d7c0f1

Download Submit
C:\Users\Admin\Documents\VideoCopilot\Models\Starter_Pack_Physical\maps\paint_can_diffuse.dds

Filesize
2.7MB

MD5
7831453a351d0b578bdd19d93055a5bc

SHA1
fe3cfb9d94cec592a4e2fdb55077d2b56a0e778d

SHA256
1b043f7d20eb449e98d3ce0aea04f5e921917410386fec00f918e51fb506076c

SHA512
9c656498ac9224d013036b2b434475b101cbfd158c364837f8b91934d6e0ff7b8d68ae9620a5f85cd9e4acc38c2b21fd6a722f633b9a9778a6ab5fe5ab1622a2

Download Submit
C:\Users\Admin\Documents\VideoCopilot\Models\Starter_Pack_Physical\maps\telephone_pole_normal.dds

Filesize
5.3MB

MD5
232124e535c852a11e14f31e98ce2cd2

SHA1
58f2d4a5d1a1d022b7f6451b900cd497576001b7

SHA256
d3f114729a0de26c1c334e5439c8dffbe386b4160df1012644210311dea3a594

SHA512
ec3ad6d3d4573a34bb8748b57a64302bbfa41723a5a5fca472793b7b7aabba50d650cfd5179ba7d65b0bc20d9633d6fe5288254d399829917de15bd47756a864

Download Submit
C:\Users\Admin\Documents\VideoCopilot\Models\Starter_Pack_Physical\maps\truck_tire_diffuse.dds

Filesize
10.7MB

MD5
d02511db630092111895ffe844a60700

SHA1
16e178ac00a20e2a5479d58de67514b17bfadd93

SHA256
5afc14c3bfa3b95e43988a22dc4f5234a3dc308bbc138a035be70ee04ff48e8e

SHA512
75fa9953f315c591817bc69a12c5d649143786af94ea44957f3e188537a7310013e5f279601ecbc4cd04e22556bf7988ae54bb332fff80828c3ddeeab0087b78

Download Submit