Analysis
max time kernel: 82s
max time network: 83s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/11/2024, 01:35
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-3517__Sat-Up@!
- A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-3517__Sat-Up@!.zip
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Modifies registry class (1 IoC)
  description  ioc                                                                                 Process
  Key created  \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings  OpenWith.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  832   msedge.exe (x2)
  5104  msedge.exe (x2)
  2860  identity_helper.exe (x2)
  3768  msedge.exe (x2)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
  pid   Process
  5104  msedge.exe (x18)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   2864  7zG.exe
  Token: 35                   2864  7zG.exe
  Token: SeSecurityPrivilege  2864  7zG.exe (x2)
- Suspicious use of FindShellTrayWindow (63 IoCs)
  pid   Process
  5104  msedge.exe (x62)
  2864  7zG.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  5104  msedge.exe (x24)
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  1484  OpenWith.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 5104 wrote to memory of 3092  5104  msedge.exe  83 (x2)
  PID 5104 wrote to memory of 3012  5104  msedge.exe  84 (x40)
  PID 5104 wrote to memory of 832   5104  msedge.exe  85 (x2)
  PID 5104 wrote to memory of 828   5104  msedge.exe  86 (x20)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5104)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://buzzheavier.com/zpxca2zcg07d
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90bc646f8,0x7ff90bc64708,0x7ff90bc64718
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5752 /prefetch:8
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,2250193330372755300,16124527453326935497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 1436)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 1588)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe (PID 2908)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe (PID 1484)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
C:\Program Files\7-Zip\7zG.exe (PID 2864)
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#Pa$$w0𝑅D-3517__Sat-Up@!\" -ad -an -ai#7zMap2276:112:7zEvent24920
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Downloads