Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 13:00
General
-
Target
main.py
-
Size
6KB
-
MD5
05c4e53647399a18df9fe55e93929f0c
-
SHA1
5968ed8aafb90c55cbf7e657766e2a9a77996517
-
SHA256
45c402960509b98680afe64893c800b729f979cd7a0d072b3c561d7a0260aa60
-
SHA512
6f038ce8401eff07cb5537898aa4f33c01be9c1cac59634c69195730db44f7a7480865796140b8b5c397b9054f79c23c581d0839e3daf742da2af2e175a05aac
-
SSDEEP
96:MbXGWDiJEv/ZqNE1AqwUGCTR1mIL/83SuFT69qkdlxqot0qotEkr:IGGvxqGOqlpT3mIL/8CuFT69bmCkr
Malware Config
Signatures
-
Downloads MZ/PE file
-
ASPack v2.12-2.42 2 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\main.py1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76dc46f8,0x7fff76dc4708,0x7fff76dc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4588 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6504 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Avoid.exe"C:\Users\Admin\Downloads\Avoid.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Curfun.exe"C:\Users\Admin\Downloads\Curfun.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7272 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7304 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Launcher.exe"C:\Users\Admin\Downloads\Launcher.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7588 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7540 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,9876985592087388333,8509512022659262026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Windows-KB2670838.msu.exe"C:\Users\Admin\Downloads\Windows-KB2670838.msu.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
20KB
MD5b701fd5ce841ce90ff569c641bf0cbfd
SHA1923ef9dff528ad65b6f135828aa39340be591a9c
SHA25626ac894bd46903e9b8d08bf85cf4c7795e88f7c9dd85717b7560e16acc007fe3
SHA51267d8cbd5ca9334aa5c784bb73b2057d28e2a3687341cd62358b5c5211ba833e10909dada2069b49b0ef328c1a40d8e02b58d27385e3d944eacde240a4bcf2fde
-
Filesize
37KB
MD5d34875fe1c47517f4081a1e2c5bc91f9
SHA1204fed3cda5eea26388e139dd1600682e7665cf6
SHA256aff6fc26fb0c69a279bdf9b32b4d2560cd47039470cca8248534daf8d0876186
SHA512aa164260951708910e1cc3d83c17f2d176427dcbe53e1e13cb539d65317a1750bd1e482850049e9c126aa5e70fbdd72db13d50367b90c8b8b37f01a264ecb148
-
Filesize
38KB
MD51806db26c5d614e263c1cefdbb1211b1
SHA1412443dfdf346d3dc2d68e30cf717b402443f939
SHA2565c191b166a2ad5f70572dea7fd656306623e3274a544d8e084a3c5f28b9acfa2
SHA51243ffd45fafc2063328297193a992dea6e8d389943b3d39fb393e74d8bc64ffd50017be0978cc9b1c1e1242b88486e36d5b33840008e2482098c79814de4ab2fe
-
Filesize
22KB
MD5ef29bfb1387b586ae8255ea38b4dfac1
SHA19bf4210a476cc3e71cd86807d3bf43cf7fd552b9
SHA256725ee295a00aee811955b7c9648e3f4cd0076d546c304e9d74ef78f61401b120
SHA512198d95651bdb8161dba4eee700e392e37d80a5c34e6264e3bc141ca216597698c584e6461c0ac40c02c9359136bdea98e5d35dd846b2961724019048873a55d9
-
Filesize
18KB
MD52e23d6e099f830cf0b14356b3c3443ce
SHA1027db4ff48118566db039d6b5f574a8ac73002bc
SHA2567238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717
-
Filesize
58KB
MD5217871a0796256bc350183f26e31aa31
SHA1cdc2d6a070a8f7c14c5ed894e6be498719c47f25
SHA256386cd3c8b815278e62a698147f03c747a6b190c44e8afae55fc246767d88baf2
SHA512059a7fa978a9ed8cd385c698177e9641abcfbef4601bc2e8aa3e484e2d5fb730af6686ecdb9167189627705123f217f5ed4007baadaf15a814c970cf4b564b1e
-
Filesize
16KB
MD5da4fb15960b623d2d1e45e712eab4e9e
SHA14daa448effcf03190d1a8b38b4cd377d8a1bf0b8
SHA25604a50722e2d7f3138fb002ddfd8dab1b0bf44803960fae3dd1f336118d8940db
SHA51205a0acdcee52bc0708da2ee4a1da468e07ae8ed525e0d4552f36fa9bd3f465d5f982e2d58f07cecfe78b0834003754f1d0adacdfac70b3b1bc2a85973e4f1ab0
-
Filesize
38KB
MD5f6c1297fae3fc10f55d4959d9dc771ce
SHA12df076464b94b7b06d771f3ef68e7a1403ec3d82
SHA2569aa5a405e664c215a315b794668de2faf252ee0bc0694596d82a1c0e91564ae3
SHA512d0d3e4a6fda2f9abb60d05befceaec9f1dec9d5dd4a31df5eeb94f0c1c545cfdbf70b862d0340a460e6d0cc62b8df16d3ea839683fa534c67030e70a181659db
-
Filesize
53KB
MD5cfff8fc00d16fc868cf319409948c243
SHA1b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA25651266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA5129d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b
-
Filesize
88KB
MD576d82c7d8c864c474936304e74ce3f4c
SHA18447bf273d15b973b48937326a90c60baa2903bf
SHA2563329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46
-
Filesize
101KB
MD59a861a6a772b86aaa2cc92e55adf3912
SHA185156e7eaf0d3bff66bd6119093610e8d9e8e5d2
SHA2566e7cc83f3b23d5f48bafdd934321de60485eb8d9ced04c6299e07dc6bcbc0d1b
SHA512b0a051e2e703227a55674fe235a97643ab1478af2384a5a974605cdd0e4ed79916d65e2adf61d19f59779da920699e74ac72cce05ec078f22f9b6678c5022a26
-
Filesize
19KB
MD51e53408e78feddaa3dea2f0014d5dead
SHA13dbd20f4511465b8b18e4681ea24f9e0140307cf
SHA256deb39cbf92259253ae2c5627f31489104612379e8d781a7b2bce775682c2d833
SHA512601a7dd43d4e43ad479b4241d02652c5523b2bd900118bb2cfd579bfa451e96a6328723c61146ebc113e79c03bf718464504d43502836250fd6b3752e13d6467
-
Filesize
19KB
MD50bd4e57603b449fffebdee3f01914644
SHA1c72b2a917995c331072e4cee9f0f99679f7c3e08
SHA25619b4f6ca3d75ee91b6e7d97e023e98088e8f6c8e5948690a7127664567021e66
SHA512096918ccc4ea4511cada7455b2371f49ffb3c90db69ef70de9459bf526ae5a2854643aafb7d86992b4671c0175e4c8b989c4307e1f3ea74b8853484dbe0ad0a1
-
Filesize
64KB
MD5cf24aeed740453abf59bca799d6d432c
SHA1272fe2398079f582b7dc8d67ca4aeeb17106a82e
SHA2564d4b6efd02e2b251dc9b4eb65380714bc2fa034e18e845a21512dfe736098b5d
SHA512cc098bc448881281f6d8902d29bc3b68192a074ce688677cef8ec3016ebe361ab9027b75425d374b12bf1a59b1fc6307ea05082b43e4b35b3a8bc6eac98f45a2
-
Filesize
2KB
MD5d196428a0d71b8bb40db0849caafc43d
SHA1d91ec07a686fce1773ccd566ccf342044d04be1e
SHA2563b1d239247396128a2e1b29894090b9229acadf0c92b38a32b00ef1b33031c83
SHA512b750bb4ee34ec7f00188d98eaf10a98bf3f94c5522357ac0f8fb5dc02d9bfbd7992d0322b298ab40680b8df37a1f8f37af195f751c801aabb6ce08e9c585bbb3
-
Filesize
2KB
MD56e720fef04cc0f0a171f19bec6e81ccb
SHA1674e17dc5028c402a228add378b89198dfb6b98c
SHA256b04068b0e19294c654a9eb79c239785eb0e484cee330885d1a0e390c3bbf6911
SHA512a1ce68c6913b8897da91b9404bc9d2df21e604873126cf699355173c3707501c24e90b0b7eb36bcfb365154ab6c9f19aa2a84fd32c536e815f35a0389703c8c9
-
Filesize
2KB
MD5ba3d9714701c0b6f3bd6f87929bce428
SHA1b9fdd11d3a2e5f0935257333e6dbfdc5412d8363
SHA256e44cc250497e4a43f8ad42b423da8d900e8c7060bf283e21c86581f42c410056
SHA512ccfaed570beb62d0e791db1befb5ef7f6a555dd8e5d110c2ab06df8e1e976f5fb6341167b15c3c9ee65cf53f61bb9e64d315c75faa9aef13e9f756d7f28c8dc7
-
Filesize
940B
MD5939243acb55386ee3e5dea7e77f946af
SHA1669c2725d5155e760d89d94b18ce5705efe757a0
SHA2567e70b457336d774d0a38869cfa427b61d69c0f076be4b1c900f54c91bde201de
SHA5121d8419b7b6df1fceb379667d8b6fc5f1ea4b49df6c862662cd7c2ec484eb3b15055489d84ede301677edd1cf6b5725f96e2a12960a3e0fd406dd38a4f5b964e7
-
Filesize
9KB
MD5b9190edd4961b30330e5ae0e4ae09af5
SHA1237148230192bdc946f25ef2ea3e24de5ce38077
SHA256ad01839429b05fc2faecefa8c290284a8fb9daa4cc5ead3a9cb795de76952e2f
SHA512fce907733e45e9cd72c54ba6d4dfc738b7148b88417bcf3445e193cd52ecac1bfd6dd4cb3309e88232ba137e330e59981e3ea7403bae0011d27b2594e7e2e479
-
Filesize
5KB
MD56eeb154c825fa8e8778ff97d5e890a41
SHA1619f7217be6b35473e99eaaccf2e2f9753b199e3
SHA256a6227256e0c2fa887cd9fea4fa983845e145071adeb5f6286c255f1433501cb2
SHA5121daee6eca9feb8af529aa2ca590f842a41fde38bbe84df5a0d53d9e6053eb105b177dda1b99f03ea5fe96f8debe853b5d669947f76f4a8a84c7d20ba6ee70df2
-
Filesize
6KB
MD5c3846eeb0061135f64f7328de839db59
SHA1e22ab8a1c9fe6204318b3af94e40d793e42399c4
SHA256bf19ac44538da1061411656dcb5c03ec3743bd9408b83750760b3ce54ec1a32e
SHA512f92430423ae183e1771c71ef6313b22472fb4ad879d4bc991eaf7c6528d4d3d5600da2da088870ed23e371668f68c48a64ea784da9236bf32c39b066930108eb
-
Filesize
6KB
MD5e38c2052a5644c5738053b02a2f81c9b
SHA1c4af0d657ef217d740a4fc5a8e244ab171dc2d51
SHA2563a177547879e783395d1c1d4c6b9b2b465399116251f6c158325833988eeceb4
SHA51240ec192556c2406e3f82c6cefce60e9bc65e5883ec01e5730e2da9c9d09260db7ae7d8a66cc981ab4026682bb7668e77e2038d79e9f409091563b001edaeb7e8
-
Filesize
7KB
MD59f70aaf332ae38f639c0dbb1e8998896
SHA1f9a4464471de2a223a79b62e7defa1c630cdeb77
SHA256496a06bca8488bb1e5e8b101c8ae5631c42d1b2ead783b79cc1c56f18e474aaa
SHA512a35c6eb193b2d4c0492f5d8253ef9a0685d3c996aac15969e8d85466e6a6dddf3ef3c5f16308cccae415b246932c4f5499f64be02733dcb238ba2781b9cd4567
-
Filesize
1KB
MD568052dad4b9850ecb558e10e050568ef
SHA1acd04ffd82a079585a5683a544c43729af6c58a9
SHA25662f0d17cebe1185ee81e70b91a6e21b5efac0a6eba5796a78a34e3d682c8bbaf
SHA512a223c64d90ea6bb24f4b9a3fe3ccf49a7115713c348b166c4e164250720ebffd3063a49ac3e26d0b4e428a3592c33bc2303e45f72cdc901daa5688687828538f
-
Filesize
1KB
MD54077fc08f2b01cf9b05bb4cc01b5c1eb
SHA1464b2f3e77ae56a3754b2b2b8eb7a9c2d0b3dd84
SHA2564a839a1543010dd03fa5ae9671ad73b2ff59e996888f13860cf802673cedead9
SHA512bbbe0ade205261c806875cb5b5dd0476da5802bac1532d86d609ffd07552e1632924a4b94c534eed98078cb686093e2bc398e68d592fe374da1e92fdba504ea9
-
Filesize
1KB
MD56746ef06f2adbdef56a8c03dedcaae74
SHA16d6fcba74eab2d9b3666c67f26e3d4afa5448287
SHA25613d1b05da71a64319c7535dc99e2521a7dc24a2c53a1c10c95ccc926478a72a2
SHA5123c92fcfba753fbdb4f73faadb787170c50588737ea04a66ff3c44151e1374ba023ca6b0dfa3f1cee92dc7352c18b6e17775b2384f1712d2155e1308aaf3b6081
-
Filesize
1KB
MD5c7aa2ba97ff5ffab892130642b901fec
SHA15861f0af03677be92c6ed1c153fff980371fe3db
SHA25668b7544571260067c75d07981332dfadbc9229d4ff65e57fff4d074bbf44b89a
SHA5128a1e0997f8bba8732f5d66cf94b554506e97eaee099c9982848191257a120719ffc9a083f06186e3022470739e0e8bae70b8e70ddc2781cdfd2770305d5cd62f
-
Filesize
1KB
MD550435dad152785d1ea38d322dc29f2b0
SHA16fde87e71248fe5c617e58fdcc28bbdc52619845
SHA256be601725ffab5413a840a910b36cba506a40dfd078e4583374a6b8c54ff5ce5d
SHA512d704c0930dc7c0007de57486f0ec2409603cf22f369dc11737ca8abad2ab495b642639b4864b3bd58f63cdad8e44907d7c7d677c2b5238c423e10358d4f08f87
-
Filesize
1KB
MD58f7b4ae58bdf793e4a0be76181d74d87
SHA12ce61efff91651752c0c46f39e416e5251962f7e
SHA256b67d7e0662c3bbddb1fd1ed8ef8c628c952fdf4ee413b05bd496f7047132f146
SHA512708f21e02d9fc5a661dc9d193b5ceb6de9a80b1818f4c725e06def9e67fdea92f0568375c779eb98cc47f3310e6c94b0f48007f04da043c1756075fda61246f3
-
Filesize
1KB
MD58e4466907b68488b9eee36bdc9e4a9eb
SHA105cebe2fde30a469051150bf7e4f69b6fde43c76
SHA2568731a066eaf82d3a9c0e38f3a96e6173e93d918b0f298df1f993c37380c2a189
SHA512cfb18df079ad8baf2135a6f87cdc25634dc17567c1f4fdd3fa54c5837c090fed78fcd4ee9e02e8a27fe2ebd921a6003b8155563cec53c7b87d87e2ad1245cab4
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD555b4f3e26d6d7b991a09686f2f0bec1e
SHA162dca8128b836c29e092d5d3d69f54e6036bf9bc
SHA256dcf58a013cca6a186b6dc411c73f3a3e55926b08b1b6cc9c43526669e0c7cabc
SHA512bbe737d02889fb03030e9de9a5cb77b562e3f680df9cc5479b3c9cb76cc06a68f19a4ea772429b30716942f45595bbba54e9e85bea7a9ea5050fd6f16c70866f
-
Filesize
10KB
MD579e9168214dc92a78d61c8da2afd8c22
SHA170d6ff7b97c3646ec49f93a7acc4ac96cf1b4100
SHA25600233efd3da5c7dcc119581a26f0d382f07600604c85c4a0f0635832ec044226
SHA5122505604a75726a3c3566e17d6fbe9686dc2ebea95d234fc848c4ed45547df180faa69a48701663fbad20309b4f76a2d4f6feaa99ecc8caece9bd29df4579eb82
-
Filesize
10KB
MD5386ef2e94ee254a5cbf887a63e2194bd
SHA1e95b1cbd95badbd9d1d398131a52a54ef916750a
SHA256f987035372df3c009e9c7d73cdda1189a0c8561c1a2444b448a3b478ce394abc
SHA5121b36531c1be5165ceab10eec04ca9de7c9d880841def331c3595b78cc24246b5661da921221bff43247cb154e0e31b9ffaaac5bd68cd80b6ee2898c79c886442
-
Filesize
248KB
MD520d2c71d6d9daf4499ffc4a5d164f1c3
SHA138e5dcd93f25386d05a34a5b26d3fba1bf02f7c8
SHA2563ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d
SHA5128ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704
-
Filesize
728KB
MD56e49c75f701aa059fa6ed5859650b910
SHA1ccb7898c509c3a1de96d2010d638f6a719f6f400
SHA256f91f02fd27ada64f36f6df59a611fef106ff7734833dea825d0612e73bdfb621
SHA512ccd1b581a29de52d2313a97eb3c3b32b223dba1e7a49c83f7774b374bc2d16b13fba9566de6762883f3b64ed8e80327b454e5d32392af2a032c22653fed0fff8
-
Filesize
197KB
MD57506eb94c661522aff09a5c96d6f182b
SHA1329bbdb1f877942d55b53b1d48db56a458eb2310
SHA256d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c
SHA512d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070
-
Filesize
138KB
MD50b3b2dff5503cb032acd11d232a3af55
SHA16efc31c1d67f70cf77c319199ac39f70d5a7fa95
SHA256ef878461a149024f3065121ff4e165731ecabef1b94b0b3ed2eda010ad39202b
SHA512484014d65875e706f7e5e5f54c2045d620e5cce5979bf7f37b45c613e6d948719c0b8e466df5d8908706133ce4c4b71a11b804417831c9dbaf72b6854231ea17
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
548KB
-
Filesize
548KB
-
Filesize
752KB
-
Filesize
40KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
664KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB