Analysis

max time kernel:  147s
max time network: 144s
platform:         windows10-2004_x64
resource:         win10v2004-20241007-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted:        22-11-2024 03:48
Behavioral tasks (32 runs: 16 samples, each on a Windows 7 and a Windows 10 image; this page is behavioral24)

task          sample                                      resource
behavioral1   VSNKLGuzoFJgFHyEI15w (2).exe                win7-20241023-en
behavioral2   VSNKLGuzoFJgFHyEI15w (2).exe                win10v2004-20241007-en
behavioral3   VSNKLGuzoFJgFHyEI15w.exe                    win7-20241010-en
behavioral4   VSNKLGuzoFJgFHyEI15w.exe                    win10v2004-20241007-en
behavioral5   VideoCodeCX.exe                             win7-20241010-en
behavioral6   VideoCodeCX.exe                             win10v2004-20241007-en
behavioral7   WcsPlugInService.ex.exe                     win7-20240903-en
behavioral8   WcsPlugInService.ex.exe                     win10v2004-20241007-en
behavioral9   WinLocker Builder.exe                       win7-20240903-en
behavioral10  WinLocker Builder.exe                       win10v2004-20241007-en
behavioral11  WinLocker_Builder.exe                       win7-20240903-en
behavioral12  WinLocker_Builder.exe                       win10v2004-20241007-en
behavioral13  _003E0000.exe.vir.exe                       win7-20240903-en
behavioral14  _003E0000.exe.vir.exe                       win10v2004-20241007-en
behavioral15  vmem02.exe                                  win7-20240903-en
behavioral16  vmem02.exe                                  win10v2004-20241007-en
behavioral17  w8i9eHkHOwWwQlX.exe                         win7-20241010-en
behavioral18  w8i9eHkHOwWwQlX.exe                         win10v2004-20241007-en
behavioral19  wpbt0.exe                                   win7-20240903-en
behavioral20  wpbt0.exe                                   win10v2004-20241007-en
behavioral21  xpiofrbtkzhr.exe                            win7-20240729-en
behavioral22  xpiofrbtkzhr.exe                            win10v2004-20241007-en
behavioral23  xxx_video (2).exe                           win7-20240903-en
behavioral24  xxx_video (2).exe                           win10v2004-20241007-en   (this report)
behavioral25  xxx_video.exe                               win7-20240903-en
behavioral26  xxx_video.exe                               win10v2004-20241007-en
behavioral27  xxx_video_26726.avi.exe                     win7-20240903-en
behavioral28  xxx_video_26726.avi.exe                     win10v2004-20241007-en
behavioral29  xxx_video_35942.avi.exe.vir.exe             win7-20240903-en
behavioral30  xxx_video_35942.avi.exe.vir.exe             win10v2004-20241007-en
behavioral31  xxx_video_35942.avi_unpacked_.exe.vir.exe   win7-20241010-en
behavioral32  xxx_video_35942.avi_unpacked_.exe.vir.exe   win10v2004-20241007-en
General

Target:  xxx_video (2).exe
Size:    608KB
MD5:     2bcae695288cd75a2d71c0dbb69359fd
SHA1:    6a0476b62c069d42a2d8290b7d467d8a136312e7
SHA256:  d51d08aef8661780261241ddb5bb2617b1fafa1ac1cdcad77e825c16faf48c79
SHA512:  a28d5299addd39b0905745889cc478549c295ba9a19d49b1b0fe723840c298d0793203627ea5852e91ed2efc6684d2cf7362ff2958e52eb30c859cab497b0e96
SSDEEP:  12288:ao7VLRpB3hC/K+wAN0PdyT9ElIdq5uMumzu5FEiXqv3RZF8N4E:9P5zZI43
Malware Config
(none listed)

Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence.
  xxx_video (2).exe  Key value queried  \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation

Executes dropped EXE (1 IoC)
  PID 4188  SonPw.exe.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  SonPw.exe.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\My program = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\SonPw.exe.exe"
  SonPw.exe.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows boot = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\SonPw.exe.exe"
  Both values point at the dropped copy in the user's Templates folder. They land under WOW6432Node because a 32-bit process writing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run on 64-bit Windows is redirected there; Windows still processes those entries at logon, so a host check has to read both the native and the WOW6432Node Run keys.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  SonPw.exe.exe  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

Enumerates system info in registry (2 TTPs, 3 IoCs)
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1564 msedge.exe (x2), PID 4868 msedge.exe (x2), PID 4352 identity_helper.exe (x2), PID 1640 msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  PID 4868 msedge.exe (x10)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 4868 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4868 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  Unique writer -> target pairs, with the repeated identical records collapsed:
  PID 4008 xxx_video (2).exe -> PID 4188 SonPw.exe.exe   (x3)
  PID 4188 SonPw.exe.exe     -> PID 4868 msedge.exe      (x2)
  PID 4868 msedge.exe        -> PID 1016 msedge.exe      (x2)
  PID 4868 msedge.exe        -> PID 1564 msedge.exe      (x2)
  PID 4868 msedge.exe        -> PID 1568 msedge.exe and PID 4868 msedge.exe -> PID 3808 msedge.exe account for the remaining 55 records

  Every target is the writer's own child, so these are process-creation writes rather than injection into a foreign process. The signatures attributed to msedge.exe and identity_helper.exe (process enumeration, the block-non-Microsoft-binaries mitigation Edge sets on its children, FindShellTrayWindow, SendNotifyMessage, the BIOS queries) come from Edge's normal multi-process startup after the dropper opened http://pornozud.com/, not from the sample itself. The two behaviours that do belong to the sample are the registry reads for geofencing (Geo\Nation, NLS\Language) and the Run-key persistence for the dropped SonPw.exe.exe.
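The three sample-attributable behaviours above (Run-key persistence into a user-writable folder, execution of the EXE the sample just dropped, and a browser launched with a URL by a non-browser parent) written as detection logic over constructed Sysmon-style events. This is an added example, not part of the sandbox report: the event records are hand-written to mirror the IoCs on this page, the field names, PIDs 2100/900/5000 and the two benign control events are assumptions, and the geofence and language lookups are deliberately not covered because they are registry reads, which Sysmon does not log.

```python
import re
from typing import Dict, List

# Constructed Sysmon-style events (EventID 1 = process create, 11 = file
# create, 13 = registry value set) mirroring this report's process chain.
# Hand-written for the example; not exported sandbox telemetry.
TEMPLATES = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
EVENTS: List[Dict] = [
    {"id": 1, "pid": 4008, "ppid": 2100,  # ppid 2100 (explorer) is assumed
     "image": r"C:\Users\Admin\AppData\Local\Temp\xxx_video (2).exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\xxx_video (2).exe"'},
    {"id": 11, "pid": 4008, "target": TEMPLATES + r"\SonPw.exe.exe"},
    {"id": 1, "pid": 4188, "ppid": 4008, "image": TEMPLATES + r"\SonPw.exe.exe",
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\xxx_video (2).exe",
     "cmd": '"' + TEMPLATES + r'\SonPw.exe.exe"'},
    {"id": 13, "pid": 4188, "data": TEMPLATES + r"\SonPw.exe.exe",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\My program"},
    {"id": 13, "pid": 4188, "data": TEMPLATES + r"\SonPw.exe.exe",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows boot"},
    {"id": 1, "pid": 4868, "ppid": 4188, "image": EDGE,
     "parent_image": TEMPLATES + r"\SonPw.exe.exe",
     "cmd": '"' + EDGE + '" --single-argument http://pornozud.com/'},
    # Benign controls (constructed): a vendor Run value and a user-opened browser.
    {"id": 13, "pid": 900,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"id": 1, "pid": 5000, "ppid": 2100, "image": EDGE,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmd": '"' + EDGE + '" https://example.com/'},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Users\\Public\\|\\ProgramData\\|\\Temp\\", re.I)
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.exe\b", re.I)   # e.g. .exe.exe, .avi.exe
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
URL_RE = re.compile(r"https?://[^\s\"]+", re.I)
TRUSTED_PARENT_RE = re.compile(
    r"^(C:\\Windows\\explorer\.exe|C:\\Program Files( \(x86\))?\\)", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def run_key_persistence(events: List[Dict]) -> List[Dict]:
    """Run/RunOnce values pointing into user-writable paths or using a double
    extension. Both heuristics fire on the two SonPw.exe.exe values."""
    findings = []
    for ev in events:
        if ev["id"] != 13 or not RUN_KEY_RE.search(ev["key"]):
            continue
        reasons = []
        if USER_WRITABLE_RE.search(ev["data"]):
            reasons.append("user-writable path")
        if DOUBLE_EXT_RE.search(ev["data"]):
            reasons.append("double extension")
        if reasons:
            findings.append({"rule": "run_key_persistence", "pid": ev["pid"],
                             "key": ev["key"], "reasons": reasons})
    return findings


def dropped_then_executed(events: List[Dict]) -> List[Dict]:
    """A process writes an EXE and is then the parent of a process running that
    same path ('Executes dropped EXE'). Events are assumed chronological."""
    dropped: Dict[str, int] = {}  # lowercase path -> pid that created it
    findings = []
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == 1:
            creator = dropped.get(ev["image"].lower())
            if creator is not None and creator == ev["ppid"]:
                findings.append({"rule": "dropped_then_executed", "pid": ev["pid"],
                                 "image": ev["image"], "dropped_by": creator})
    return findings


def browser_from_untrusted_parent(events: List[Dict]) -> List[Dict]:
    """A browser started with a URL by a parent that is neither explorer.exe nor
    an installed program, i.e. the --single-argument http://... launch above."""
    findings = []
    for ev in events:
        if ev["id"] != 1 or basename(ev["image"]).lower() not in BROWSERS:
            continue
        url = URL_RE.search(ev["cmd"])
        if url and not TRUSTED_PARENT_RE.match(ev["parent_image"]):
            findings.append({"rule": "browser_from_untrusted_parent", "pid": ev["pid"],
                             "parent_image": ev["parent_image"], "url": url.group(0)})
    return findings


def triage(events: List[Dict]) -> List[Dict]:
    return (run_key_persistence(events) + dropped_then_executed(events)
            + browser_from_untrusted_parent(events))


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

On the constructed input the three rules produce four findings (two Run values, one dropped-and-executed SonPw.exe.exe, one Edge launch with the URL) and stay silent on the OneDrive Run value and the explorer-launched browser. The rules key on the parent/child relationship rather than on file names or hashes, so they would still fire if the dropper were renamed or rebuilt.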
Processes (indented by depth in the tree; cmd is the command line as recorded)

PID 4008  C:\Users\Admin\AppData\Local\Temp\xxx_video (2).exe
          cmd: "C:\Users\Admin\AppData\Local\Temp\xxx_video (2).exe"
          - Checks computer location settings
          - Suspicious use of WriteProcessMemory

  PID 4188  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\SonPw.exe.exe
            cmd: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\SonPw.exe.exe"
            - Executes dropped EXE
            - Adds Run key to start application
            - System Location Discovery: System Language Discovery
            - Suspicious use of WriteProcessMemory

    PID 4868  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornozud.com/
              - Enumerates system info in registry
              - Suspicious behavior: EnumeratesProcesses
              - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              - Suspicious use of FindShellTrayWindow
              - Suspicious use of SendNotifyMessage
              - Suspicious use of WriteProcessMemory

      PID 1016  msedge.exe (crashpad-handler)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe490e46f8,0x7ffe490e4708,0x7ffe490e4718

      PID 1568  msedge.exe (gpu-process)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

      PID 1564  msedge.exe (utility: network.mojom.NetworkService)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                - Suspicious behavior: EnumeratesProcesses

      PID 3808  msedge.exe (utility: storage.mojom.StorageService)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

      PID 2160  msedge.exe (renderer, client id 6)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

      PID 3580  msedge.exe (renderer, client id 5)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

      PID 4164  msedge.exe (renderer, client id 7)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

      PID 2920  msedge.exe (renderer, client id 8)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

      PID 1540  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8

      PID 4352  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                - Suspicious behavior: EnumeratesProcesses

      PID 4752  msedge.exe (renderer, client id 10)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

      PID 4856  msedge.exe (renderer, client id 11, instant process)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

      PID 632   msedge.exe (renderer, client id 12, instant process)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

      PID 2924  msedge.exe (renderer, client id 13)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

      PID 2864  msedge.exe (renderer, client id 14)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1

      PID 2792  msedge.exe (renderer, client id 15)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

      PID 1640  msedge.exe (gpu-process, GPU sandbox disabled, GL disabled)
                cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12812257882255332818,18004059097613642758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 /prefetch:2
                - Suspicious behavior: EnumeratesProcesses

PID 2576  C:\Windows\System32\CompPkgSrv.exe
          cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1008  C:\Windows\System32\CompPkgSrv.exe
          cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
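The 64 "wrote to memory of" records only become readable once each one is checked against the tree: a parent writing into a child it has just created is routine process startup (Chromium's browser process does this for every child it spawns), while a write into a process that is not the writer's child is the injection case worth chasing. The following is an added example, not part of the report: it parses records in the page's own "PID A wrote to memory of B A <image> <image>" layout, takes the PID-to-image and PID-to-parent maps from the tree above, and classifies each write. The record list is an excerpt, and its final line (SonPw.exe.exe writing into CompPkgSrv.exe) is constructed purely to exercise the cross-process branch; it does not appear in the report.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# PID -> image name and PID -> parent PID, read off the process tree above.
IMAGE: Dict[int, str] = {
    4008: "xxx_video (2).exe", 4188: "SonPw.exe.exe", 4868: "msedge.exe",
    1016: "msedge.exe", 1568: "msedge.exe", 1564: "msedge.exe",
    3808: "msedge.exe", 2576: "CompPkgSrv.exe",
}
PARENT: Dict[int, int] = {4188: 4008, 4868: 4188, 1016: 4868,
                          1568: 4868, 1564: 4868, 3808: 4868}

# Excerpt of the report's records in their original layout. The last line is
# constructed for this example (not in the report) to show the other branch.
RECORDS = """\
PID 4008 wrote to memory of 4188 4008 xxx_video (2).exe SonPw.exe.exe
PID 4008 wrote to memory of 4188 4008 xxx_video (2).exe SonPw.exe.exe
PID 4188 wrote to memory of 4868 4188 SonPw.exe.exe msedge.exe
PID 4868 wrote to memory of 1016 4868 msedge.exe msedge.exe
PID 4868 wrote to memory of 1568 4868 msedge.exe msedge.exe
PID 4868 wrote to memory of 1568 4868 msedge.exe msedge.exe
PID 4868 wrote to memory of 1564 4868 msedge.exe msedge.exe
PID 4868 wrote to memory of 3808 4868 msedge.exe msedge.exe
PID 4188 wrote to memory of 2576 4188 SonPw.exe.exe CompPkgSrv.exe
"""

# Layout: description | pid | process | target process; the writer PID repeats.
RECORD_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \1 (.+)$")


def parse_records(text: str) -> List[Tuple[int, int]]:
    """Turn the flat IoC text into (writer_pid, target_pid) edges. Image names
    may contain spaces, so the trailing name pair is validated against IMAGE
    rather than split on whitespace."""
    edges = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable record: {line!r}")
        src, dst, names = int(m.group(1)), int(m.group(2)), m.group(3)
        expected = f"{IMAGE[src]} {IMAGE[dst]}"
        if names != expected:
            raise ValueError(f"PID/name mismatch in {line!r}: expected {expected!r}")
        edges.append((src, dst))
    return edges


def classify(edges: List[Tuple[int, int]]) -> Dict[str, Counter]:
    """Bucket each write: into the writer's own child (process creation) or
    into any other process (candidate injection)."""
    out = {"parent_to_child": Counter(), "cross_process": Counter()}
    for src, dst in edges:
        bucket = "parent_to_child" if PARENT.get(dst) == src else "cross_process"
        out[bucket][(src, dst)] += 1
    return out


def render_tree(root: int, depth: int = 0) -> List[str]:
    """Indented process tree rebuilt from PARENT, one line per process."""
    lines = [f"{'  ' * depth}{IMAGE[root]} (PID {root})"]
    for child in sorted(c for c, p in PARENT.items() if p == root):
        lines.extend(render_tree(child, depth + 1))
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(4008)))
    summary = classify(parse_records(RECORDS))
    for bucket, counter in summary.items():
        for (src, dst), n in sorted(counter.items()):
            print(f"{bucket}: {IMAGE[src]} ({src}) -> {IMAGE[dst]} ({dst}) x{n}")
```

On the report's own records every edge falls into the parent_to_child bucket, which is the point of the exercise: the WriteProcessMemory count on this page measures how many child processes Edge started, not how much the sample injected. Only the constructed final record lands in cross_process, and that is the shape an actual injection would take.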
Network

MITRE ATT&CK Enterprise v15
Downloads (the report gives sizes and digests only; no file names or paths are listed)

1. 152B
   MD5     61cef8e38cd95bf003f5fdd1dc37dae1
   SHA1    11f2f79ecb349344c143eea9a0fed41891a3467f
   SHA256  ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
   SHA512  6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

2. 152B
   MD5     0a9dc42e4013fc47438e96d24beb8eff
   SHA1    806ab26d7eae031a58484188a7eb1adab06457fc
   SHA256  58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
   SHA512  868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

3. 5KB
   MD5     8ffe2313dd3997592981d9e26a56fb8f
   SHA1    487f45eed24a430253a27371b09a7af435ef637c
   SHA256  15ffc2637caa15f447b50a8d55168ba2b5ab068efa6b0f5407e743730876c67d
   SHA512  e6f6bf7dad0354bc31be40355ef306a75867b5bd1da7844a782e6126ad899e9cd6dd1e07e2635aed0dca22133ec0fc02fec03ca1b81456df05b9df65cb620ac8

4. 6KB
   MD5     3b4de5fad9c412e5ca905434ddc7da7b
   SHA1    cab7a444fff43c317b66574140aee6f53e60dd22
   SHA256  bcec17bc150da93a026dd1267d77088b8586128ddf2abe4171a77a08b5ff7ce8
   SHA512  13e874097ae554bbfa83d5531101e7739763cf0e01347dfdda1b6f9a2d6894e4b4b21d9693b33262da947f661b010bc6c718eee88ddafcc4610c7eacbffa1747

5. 16B
   MD5     6752a1d65b201c13b62ea44016eb221f
   SHA1    58ecf154d01a62233ed7fb494ace3c3d4ffce08b
   SHA256  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
   SHA512  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

6. 10KB
   MD5     10a77739caba7de28e17bacc3a06e0d8
   SHA1    93af038d77c41cf06927f544c014f4af4978bbb3
   SHA256  ab75149ad62ca210e1864343a80135db4d659531963c58d8c93ed7bb518e8b12
   SHA512  995b7a1f7cc6f2a34065b6c8af2263467f4c402a941eebfd12a64b5e6bbf55d082fafa9ffca437032dc15be91cc1b1ef3449130225feacc692a0b792fae7e677

7. 221KB
   MD5     0281bba49b8475542e9021eb64fbbbb3
   SHA1    c5a1bce7918e88edcba692c6c54ff9bbd80ce2ed
   SHA256  9a879fa5427056f857e48b62637b8653d46e29ffad34a5c5c15bf6bfa86bdc6a
   SHA512  fb28dcd9f0b8d0a3b188510088e68351d09004bfcdd382853ac1052227461ba1ed95350e10db28605d6a8be57a484f7d30737d8f7b97b1c81885d60554c51cd6

8. (no size given)
   MD5     d41d8cd98f00b204e9800998ecf8427e
   SHA1    da39a3ee5e6b4b0d3255bfef95601890afd80709
   SHA256  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
   SHA512  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
   All four values are the digests of empty input, so this entry is a zero-byte file; it carries no information for hunting and should not be added to a blocklist.