Analysis
max time kernel: 93s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 20:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://fluxteam.cc/windows
Resource: win10v2004-20241007-en

General
Target: https://fluxteam.cc/windows

Malware Config

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 4 IoCs)
flow | ioc
65 | discord.com
33 | raw.githubusercontent.com
34 | raw.githubusercontent.com
64 | discord.com

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
142 | api.ipify.org
143 | api.ipify.org

Enumerates system info in registry (2 TTPs, 6 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756567866737147" | chrome.exe

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{640B7100-A5EB-46CA-9CA0-2F5723B37771} | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4356 | chrome.exe
4356 | chrome.exe
3632 | msedge.exe
3632 | msedge.exe
3856 | msedge.exe
3856 | msedge.exe
5732 | msedge.exe
5732 | msedge.exe
5616 | identity_helper.exe
5616 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (16 IoCs)
pid | Process
4356 | chrome.exe (3 entries)
3856 | msedge.exe (13 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
(the two rows above alternate throughout the list; 64 entries in total, all from chrome.exe PID 4356)

Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
4356 | chrome.exe (repeated)
3856 | msedge.exe (repeated)

Suspicious use of SendNotifyMessage (50 IoCs)
pid | Process
4356 | chrome.exe (repeated)
3856 | msedge.exe (repeated)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4356 wrote to memory of 2316 | 4356 | chrome.exe | 83
PID 4356 wrote to memory of 3964 | 4356 | chrome.exe | 84
PID 4356 wrote to memory of 4148 | 4356 | chrome.exe | 85
PID 4356 wrote to memory of 4736 | 4356 | chrome.exe | 86
(each row above is repeated in the original list; 64 entries in total, all written by chrome.exe PID 4356 into its own child processes)
Processes
(indentation shows the parent/child depth in the process tree; signatures triggered by a process are listed under it)

PID 4356  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fluxteam.cc/windows
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 2316  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb504acc40,0x7ffb504acc4c,0x7ffb504acc58

    PID 3964  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1632 /prefetch:2

    PID 4148  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3

    PID 4736  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:8

    PID 3436  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1

    PID 3240  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

    PID 3060  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8

    PID 4768  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4804,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1

    PID 3632  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,14397425977611075102,10454811127244361561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3760 /prefetch:8

PID 5080  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

PID 4780  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

PID 4348  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 1064  "C:\Users\Admin\Desktop\FluxTeam\FluxTeam.exe"

    PID 3856  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/fluxus
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

        PID 3040  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb3acf46f8,0x7ffb3acf4708,0x7ffb3acf4718

        PID 964  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

        PID 3632  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses

        PID 1012  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

        PID 4268  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

        PID 4652  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

        PID 5580  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

        PID 5724  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4948 /prefetch:8

        PID 5732  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3348 /prefetch:8
          - Modifies registry class
          - Suspicious behavior: EnumeratesProcesses

        PID 5276  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

        PID 5616  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
          - Suspicious behavior: EnumeratesProcesses

        PID 4520  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

        PID 6032  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

        PID 5856  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

        PID 5132  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

        PID 5140  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

        PID 5224  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

        PID 6128  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

        PID 6120  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

        PID 4516  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

        PID 5020  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12301459073328029821,8966138140964866936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

    PID 5436  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getzorara.online:1000/

        PID 5420  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb3acf46f8,0x7ffb3acf4708,0x7ffb3acf4718

PID 5128  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 5284  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: 60175a2a0ef12032251d676f354bcab7
SHA1: bc67bee90b427b5c075ea0b53bfc1f672512e012
SHA256: f86f10caad2094fbc29346322f53683a56f513cf5602a553cccc6f9e13e1a17d
SHA512: 02aa7cef6a30bccd650c04564e852502c892dbcda6ee5a425cf02f7bb773fc286e0613a07280c20d943c50277b0f23f03d75e1df6cb11c363ad635acad859efe

Filesize: 2KB
MD5: f6cf54655732545ae1d8bb00255c2b5f
SHA1: 451fd97d49ff062bb57d10eeb4695906127c3a66
SHA256: 9fc481f5c1d64292e1d1a94742a9bfd67c02fa3f63067d5d5145bf0ed5d52ddc
SHA512: 6ac68242ad1ae27205d8275ba1b9ac6eaf4dfa8e1326cdd40328e6e669f6363970f9e7598363e1ca315b640da62c4daf52d2d680813be826fbef9b837ce74e7e

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: bdae2df2026e574a007c1b6048bb7a64
SHA1: 8524e25f85ad11ae6799d719ec3d0073635ef17f
SHA256: fd6dd06ee3184555d3eeafee0cf974c9ea67a9656c97363a3a865c76b0be6540
SHA512: 280157fe3687cc16744b96bb87b08d3288da8c334cca14133c24030e94300df0e1fc2de36f9a2c19b11614ba717e3bb13e60e64847ffd63d01d65e3fa16ddc46

Filesize: 9KB
MD5: 5b8b5961ef53358281e91805e04ae14c
SHA1: 460d39902426e7b2a5795fae3bc71e3693f1e83c
SHA256: 5efb8cac842771469a2b8ad158366447f28ad3648a42b947b8d52094b8eb0004
SHA512: 957e523a65ee9c7826137e3101d9ab536fd9b04fd1be70753a2413653afcc9d561087bffd0cc694af59093652b68ed0252630c1f17132a3b918a5889eba54971

Filesize: 9KB
MD5: 888038147a187384d2c26c4c68288825
SHA1: ee7137bb8a541eb0a9ee68bc9709dac309b4a7fe
SHA256: 2a5a1e8836ae92063990960f075a6ae59f0790e7794d623895fe02d08bd025bc
SHA512: b6fb91260c7b91d8157abb417551a9f766e5779c7d05d7a1a7e0b92f96be5edbd1220b1fd1f6583fe134b6f86902fed1997b3124ad9a0f8295b00882e794f743

Filesize: 9KB
MD5: 02d680ff8b08a8e4217d12170315da9a
SHA1: f2970217ba922e24ffb4afb7db5a26c161e16a7a
SHA256: c48499cbb89b3bbfdae15db544e1e6ce1f8e69e9bfa09db302406b3d334fcbce
SHA512: 20fefd28e60af1abe3900ac9bc78e843d7147a11f3f2ea3f44eec281ca45eb4bb9daa84c33d8014aa86f7936045440d4cd2c83a1b01cc80002dbba2bd00c897b

Filesize: 9KB
MD5: 58fefeda72680774329238d6c47c2ba6
SHA1: 042f30e477ce5e648d730a294a80dd3b5e5fecba
SHA256: d3d530408606ade00e49cb35b24a90a8395e729f969098cb08ef42bc33f08d75
SHA512: 36c296d29f33acefd197e6dc92222a3260e9d0377d0999d967b6d107dc6c22b490d14389a5b4bcd59f8b8de5c82981285fea9cd8fb8b6085e78faffabc802021

Filesize: 9KB
MD5: 665448774506181873ada6faff6b5b30
SHA1: 896f3aa10a7fcf156a7cdaa17f1dd89cd9338394
SHA256: a14356980c853e93d7727bf528d34a285e0eee5d33ae219eaf6e014c1daf87ac
SHA512: 19384f9490698a4b0919f4355bf5d49b15f0a07c53510aa5a7f445816037bca35d537bc17a0f7dea4eba27000bcde695883cbf2b487873acdd3cc2d697ace88b

Filesize: 9KB
MD5: a9a2c0a6210a9a75bfea9b8b782c1970
SHA1: 862e1950b30f022745b0cf9b5978a3ff655e9b6c
SHA256: 2c648ef9e86bcd966f145b7081ac95904b687f5f8fe68c43829377a7f5b337e6
SHA512: 8966cf8ef065aa2dc5ddf700dfb6e26981dd4b68289566f2f88d2ca93fde09acad8f3c8897faa48691f987ad2a388eee0ec48b46a8804a220703001789ebac95

Filesize: 116KB
MD5: d7cd45124f1eb3352c5f1817e54e9c50
SHA1: 39fe674d7defe6e52eb7084e7b965249ffb9aec0
SHA256: fe165e1a09464b6b384a3c7d2d70cba4c26c9af3fc676e0aed69c1ffce48c6da
SHA512: 4b64a2d4f91e864cca9d513a656b36b671fc490223f3e180a05e2f548ad7bbd3b333c08b8d24e8981e5150726e157183fb72d2f979f07878a113f6a0b2739ede

Filesize: 116KB
MD5: 5a4ddaf3bdcf3d665f2081d587058fdb
SHA1: 48a22ada8f5499493a3e317028828b3959a9b300
SHA256: 936c98dd496d28c82ba2f80b8a9b567fa286ad6714034ba6136af6611f850936
SHA512: 6811c3dd8c193fb130151b5239cba3e3dfe5d22a0b5a2c35125ab86b73f21054b8a5556e16dcd4d555c04edfea1bede0f95fc484f0f60e642237f0a15cd7eb33

Filesize: 152B
MD5: e443ee4336fcf13c698b8ab5f3c173d0
SHA1: 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256: 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512: cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Filesize: 152B
MD5: 56a4f78e21616a6e19da57228569489b
SHA1: 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256: d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512: c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 960B
MD5: 1b190b3611231270d8fbf6606b1ff2a7
SHA1: 0c60e4c7f584b5802262295a7302216e60becf0e
SHA256: 6d0c4a5b5b11f3ff46ada7050ba4055bed76776dce4a37e14f8e1332181c819b
SHA512: a3bf16ae5ec2593df4080f0167a5694b463c7ace6c6359d7ccd237988c41992807115e0c9c3761759f4bbda5a2acb8786a02bbafb15085ddac0532b4fb69ea1c

Filesize: 8KB
MD5: a79b0e72a035c2c4801165ed86a475c9
SHA1: 0f643de55f268f55e3e90cc4e7eb08597c0383f0
SHA256: eb32d3b3a38d1ece92a46263a458d48335a223ddea047e9177eb9d927b2f58d3
SHA512: b349b6968d924c42e71ff44f319f4ca2ec233d7ce93c2f6e50c135e7ab983b01bdcc22730c155e4f45b07bccccfa507fe4a7e1af884bf50687c4e3c48534a73e

Filesize: 5KB
MD5: c4867882ee32496a03f8beb1ba080559
SHA1: 5e1737ee22d9887220b079ac9ff8b6543d4a213d
SHA256: 8f25a6a6ec78b232f523128c2bdb3df57acc0f0c03e131ce3d889c7bbc58ef7f
SHA512: 01399c06cc48b3672448605babefcb8cd938fff6ff437dfb7cd448d15f1f7803537b85fbe91bd6025ae87ab24e1cf847b74c922666001fb119ef30eff2ecd651

Filesize: 8KB
MD5: 21906066b4d86016583b34eb57b16879
SHA1: 09afa54f3ea949f99cc7329d249729a9918a55ac
SHA256: 27a964413afc2adb72958c7a1e5de55cd21845fa99c74dc3a21d3f039fd29037
SHA512: 84a44a122b8324c48d2e29858e7452d150aaf5296e83bdb45129247594d8722766fd604dcff20d42cb7f7ae24dcd53ddf9fdc158fe3cc9b17a375b099693a39c

Filesize: 6KB
MD5: 27bf61157dff5baf416debf34385a26e
SHA1: 2d2c11716cd14a9efe453e2c9862827b2bb9c1b6
SHA256: 97d9adfe3c12632e54245e114aa421e4da834329f13c6448cdd3bd20d2d9ef83
SHA512: fc60c3aaf038eb51951862b63f7bb2eb994e5bb21a7d2133e26bff994aba6f61a86d300f1101ea7b6bd121d2c019dd11338e5d84ba365e97a45fcb11d245e386

Filesize: 1KB
MD5: 722ec4032d7b0c12d6b13d4dda10aa12
SHA1: c04480949f83d015e5d81971ac7728ac5a7c17c2
SHA256: da9a10efe75d8718d0c07637a91a1a6ac1e2cd8ab10dc16367a857eadb705e77
SHA512: 413104dd35203baef708a6d9e59ad6799f602b7960a1caf443cf810659b911a691c27dcd49949d51f43f9c2489fc0ddb567e47a72dccbee3d1c04ae2292c4574

Filesize: 538B
MD5: 725e47917894af0057238a182a1b7681
SHA1: ea7d2031932ae94c1f6c965c095aba41d1542215
SHA256: 79f9cbe104eeed4fca729e28e9ef2230faafcc1092a224a4399a3d55164ee92d
SHA512: 5a1e12d3e1f88056ac7f432fcbc53b4350ff29da877f73f23b3bbd248fc5ae69ea43d8e9f5d0ac60ebd3f9aa6d15c5df8ca676ceb0713445f925ebd09b156fec

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 10KB
MD5: a16d472f6bec235ded0834ffab9d5428
SHA1: 4c3fa71812b7a2109b48151aef1ca7ee23aa22ea
SHA256: 0446c645f4634e68fc907d6bb1bde97525ee68d6b28553c5aee2c49799935045
SHA512: b7dee75d67812aa5f9c6e452a01c275f3adbb0efee0d0ca4e3b6023b84db0a690e8cbb4784c78fc8d07fb4194d4ec0a5f24a10a1bc522891d2e572439a8bda06

Filesize: 24.0MB
MD5: c0f8b2f13f5c46ef2b4f07eb2b3442f1
SHA1: 54dd49f7b53d0be5e02970bccf1553b6eea912d6
SHA256: f04cb2156cb1f4bf8fd65c7206542cfc2a049395c93e6b2d7afbad763ed35e47
SHA512: c0549e771e6dde2ba0d367b9ef5eb1257dd5cbd11ab583de410644d27c117c3813080d0db18a1151f5cce9c23782fd70b144a0d12c9f7ab714874def6914a240