Analysis
-
max time kernel
1197s -
max time network
1138s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted
23-12-2024 00:39
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family: asyncrat
Version string: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 127.0.0.1:4449
Mutex: vqdzzvcmvygkxkrxzkm
-
delay: 1
-
install: false
-
install_folder: %AppData%
-
Reading the config: the C2 is the loopback address, so as configured this build cannot reach a remote controller from an infected host; that points to a builder default or a test build, and the mutex is the only host-side value worth pivoting on. install=false means the sample does not copy itself to %AppData% or register persistence, which matches the absence of any persistence signature below.
Signatures
-
Asyncrat family
-
Async RAT payload 1 IoCs
resource: behavioral1/files/0x0008000000023caa-56.dat
yara_rule: family_asyncrat
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid   Process
964   AI.exe
3708  AI.exe
912   AI.exe
348   AI.exe
3528  AI (1).exe
2280  AI (1).exe
5036  AI.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
(all three reads are attributed to msedge.exe, not to the dropped sample)
-
Modifies registry class 1 IoCs
description  ioc                                                                                      Process
Key created  \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings  msedge.exe
-
NTFS ADS 2 IoCs
description                   ioc                                                                Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 236084.crdownload:SmartScreen  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 952452.crdownload:SmartScreen  msedge.exe
(the :SmartScreen stream is written by Edge itself on every in-progress download; two streams on two .crdownload files is consistent with the payload being fetched twice, hence the file names AI.exe and AI (1).exe)
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process              events
964   AI.exe               50
4868  msedge.exe           4
3720  msedge.exe           2
944   msedge.exe           2
3888  identity_helper.exe  2
3932  msedge.exe           2
2868  msedge.exe           2
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid  Process
944  msedge.exe  (all 10 events)
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
description              pid   Process
Token: SeDebugPrivilege  964   AI.exe
Token: SeDebugPrivilege  3708  AI.exe
Token: SeDebugPrivilege  912   AI.exe
Token: SeDebugPrivilege  348   AI.exe
Token: SeDebugPrivilege  3528  AI (1).exe
Token: SeDebugPrivilege  2280  AI (1).exe
Token: SeDebugPrivilege  5036  AI.exe
-
Suspicious use of FindShellTrayWindow 45 IoCs
pid  Process
944  msedge.exe  (all 45 events)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid  Process
944  msedge.exe  (all 24 events)
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid  Process
964  AI.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description                      pid  Process     procid_target
PID 944 wrote to memory of 2800  944  msedge.exe  83
PID 944 wrote to memory of 4400  944  msedge.exe  84
PID 944 wrote to memory of 3720  944  msedge.exe  85
PID 944 wrote to memory of 2560  944  msedge.exe  86
(the 64 rows collapse to these four writer/target pairs; every target is a helper process that the browser process 944 spawned itself, i.e. ordinary Chromium child-process setup, and nothing writes into the sample)
-
What is attributable to the sample in this list: the YARA hit on the dropped file, the seven launches of AI.exe / AI (1).exe, SeDebugPrivilege being enabled in every one of them, the SetWindowsHookEx call and the bulk of the process enumeration from PID 964. Everything raised by msedge.exe 944 and its helpers (BIOS key reads, registry class key, SmartScreen streams, FindShellTrayWindow, SendNotifyMessage, NtCreateUserProcess mitigation, WriteProcessMemory) is normal browser behaviour on this image.
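The signature tables above are exported as one flattened row per signature, which is awkward to pivot on. The following Python is an added example, not part of this report, that parses the three row shapes used above ("pid Process …", "Token: <privilege> pid Process …" and "PID a wrote to memory of b pid Process target …") and answers the questions an analyst asks first: which dropped processes also took SeDebugPrivilege, whether any WriteProcessMemory hit is something other than a parent writing into its own child, and whether the extracted C2 is even routable. The sample rows are constructed from the report with repeats abbreviated, and the PARENT map is transcribed by hand from the process tree; both are assumptions of the example, as are the function names.

```python
"""Triage helper for flattened sandbox signature rows (added example, not report code)."""
import ipaddress
import re
from collections import Counter

# Constructed sample input, abbreviated from the report's signature rows
# (the real export repeats identical rows dozens of times; parsers keep counts).
EXEC_ROW = ("pid Process 964 AI.exe 3708 AI.exe 912 AI.exe 348 AI.exe "
            "3528 AI (1).exe 2280 AI (1).exe 5036 AI.exe -")
PRIV_ROW = ("description pid Process Token: SeDebugPrivilege 964 AI.exe "
            "Token: SeDebugPrivilege 3708 AI.exe Token: SeDebugPrivilege 912 AI.exe "
            "Token: SeDebugPrivilege 348 AI.exe Token: SeDebugPrivilege 3528 AI (1).exe "
            "Token: SeDebugPrivilege 2280 AI (1).exe Token: SeDebugPrivilege 5036 AI.exe -")
WPM_ROW = ("description pid Process procid_target "
           "PID 944 wrote to memory of 2800 944 msedge.exe 83 "
           "PID 944 wrote to memory of 2800 944 msedge.exe 83 "
           "PID 944 wrote to memory of 4400 944 msedge.exe 84 "
           "PID 944 wrote to memory of 3720 944 msedge.exe 85 "
           "PID 944 wrote to memory of 2560 944 msedge.exe 86")
# Assumed: child pid -> parent pid, transcribed from the report's process tree.
PARENT = {2800: 944, 4400: 944, 3720: 944, 2560: 944, 964: 944}
C2 = "127.0.0.1:4449"  # value from the extracted config

# Image names end in ".exe" and may contain spaces ("AI (1).exe"), so anchor on the suffix.
_PID_PROC = re.compile(r"(\d+)\s+(.+?\.exe)")
_TOKEN = re.compile(r"Token:\s+(\w+)\s+(\d+)\s+(.+?\.exe)")
_WPM = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (.+?\.exe) (\d+)")


def parse_pid_process(row: str) -> Counter:
    """'pid Process 964 AI.exe 3708 AI.exe ...' -> Counter of (pid, image) with repeat counts."""
    return Counter((int(pid), name) for pid, name in _PID_PROC.findall(row))


def parse_privileges(row: str) -> dict:
    """pid -> set of privilege names enabled through AdjustPrivilegeToken."""
    privs = {}
    for priv, pid, _name in _TOKEN.findall(row):
        privs.setdefault(int(pid), set()).add(priv)
    return privs


def parse_wpm(row: str) -> Counter:
    """Distinct (writer pid, target pid) pairs with how often each was reported."""
    return Counter((int(src), int(dst)) for src, dst, _pid, _proc, _tgt in _WPM.findall(row))


def dropped_with_debug_priv(exec_row: str, priv_row: str) -> list:
    """Dropped-EXE pids that also enabled SeDebugPrivilege: the RAT instances proper."""
    dropped = {pid for pid, _ in parse_pid_process(exec_row)}
    privs = parse_privileges(priv_row)
    return sorted(pid for pid in dropped if "SeDebugPrivilege" in privs.get(pid, ()))


def cross_process_writes(wpm_row: str, parent: dict) -> list:
    """WriteProcessMemory pairs where the writer is NOT the target's parent.

    A Chromium-based browser writes into every helper it spawns while setting
    the child up, so parent->child writes are expected; anything else deserves
    a closer look. Returns [] when every write is a parent->child write.
    """
    return sorted((s, d) for (s, d) in parse_wpm(wpm_row) if parent.get(d) != s)


def c2_is_loopback(c2: str) -> bool:
    """True when the configured C2 is loopback/unspecified, i.e. unreachable from a victim.

    Such a value usually means a builder default or a test build: a network block
    on it achieves nothing, so pivot on the mutex and file hashes instead.
    Hostnames return False because they cannot be judged offline.
    """
    host, sep, port = c2.rpartition(":")
    if not sep:          # bare address without a port
        host = port
    host = host.strip("[]")  # tolerate [v6]:port
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage(exec_row=EXEC_ROW, priv_row=PRIV_ROW, wpm_row=WPM_ROW, parent=PARENT, c2=C2) -> dict:
    """One-call summary over the embedded sample rows."""
    return {
        "sample_pids": dropped_with_debug_priv(exec_row, priv_row),
        "unexpected_writes": cross_process_writes(wpm_row, parent),
        "c2_loopback": c2_is_loopback(c2),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run as a script it prints the three findings for the rows embedded above; the same functions take the raw rows of any other report in this export format. The parent map is the one piece that has to come from the process tree rather than from the signature rows, which is exactly why the WriteProcessMemory signature on its own is not enough to separate browser noise from injection.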
Processes
(indentation shows the parent/child relationship; the image path is the quoted first argument of each command line)
-
PID 944 (top level)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/jRxcw0
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  PID 2800 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff38e146f8,0x7fff38e14708,0x7fff38e14718
-
  PID 4400 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
-
  PID 3720 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
-
  PID 2560 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
-
  PID 3768 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
-
  PID 1980 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
-
  PID 2508 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
-
  PID 1596 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
-
  PID 3888 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  PID 4392 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
-
  PID 2620 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
-
  PID 1700 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
-
  PID 4880 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
-
  PID 1544 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6024 /prefetch:8
-
  PID 1112 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 /prefetch:8
-
  PID 4032 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
-
  PID 4544 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
-
  PID 1588 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
-
  PID 1596 (child of 944; the PID is reused, the identity_helper.exe instance above had exited)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
-
  PID 3932 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  PID 964 (child of 944)
  "C:\Users\Admin\Downloads\AI.exe"
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
-
  PID 2868 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  PID 4868 (child of 944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5342088556122937711,10369182846354621414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6600 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
PID 2448 (top level)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
PID 2932 (top level)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
PID 3940 (top level)
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
PID 3708 (top level)
"C:\Users\Admin\Downloads\AI.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
PID 912 (top level)
"C:\Users\Admin\Downloads\AI.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
PID 348 (top level)
"C:\Users\Admin\Downloads\AI.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
PID 3528 (top level)
"C:\Users\Admin\Downloads\AI (1).exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
PID 2280 (top level)
"C:\Users\Admin\Downloads\AI (1).exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
PID 5036 (top level)
"C:\Users\Admin\Downloads\AI.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
Only PID 964 runs as a child of the browser, i.e. the first launch straight from the download; the other six launches of AI.exe / AI (1).exe are top-level and started outside the browser's tree, and only the first one registered a hook (SetWindowsHookEx) and heavy process enumeration. The CompPkgSrv.exe and rundll32.exe SHCreateLocalServerRunDll entries are Windows shell COM servers activated out of process (-Embedding) and are not part of the sample's tree.
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 1KB
MD5: baf55b95da4a601229647f25dad12878
SHA1: abc16954ebfd213733c4493fc1910164d825cac8
SHA256: ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512: 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize: 152B
MD5: 85ba073d7015b6ce7da19235a275f6da
SHA1: a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256: 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512: eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3
-
Filesize: 152B
MD5: 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1: 010da169e15457c25bd80ef02d76a940c1210301
SHA256: 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512: e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c
-
Filesize: 74KB
MD5: b0043f99e8099eebb6a1b8445fe6117b
SHA1: e19b6aa4cc163b3ccdb7426973770e83e35c421b
SHA256: ad21d6f529c66987a0b8d8e572dcd08832a90b1c673d889e1d09182eae0cfc66
SHA512: 1a49e0dd3b09923d8005efb89513d86e86ca27fd32d25d72905fb7efb66465f21892087f7504ceff463dbec701f8d0df889386dc02d9a10878288519b1b0fe8a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 66fc8a05e648c329fd750945d10201ec
SHA1: a0860ce863bf4c7a4615d0122531f4365fa268f1
SHA256: 080168aa5bd2196e10f45ecb91986142042b7b0372d0c938897f03242cb73a4a
SHA512: 2508420d0efaa8483c15ef05fd96e1b53d9b52b43a5480b53b670eeebd195abb65ec2f0cf683a7811ee8b26d0343e64b9a39f738e628ad05d19ecdd5de0cf5cd
-
Filesize: 391B
MD5: 5443244819526c00cac01d095e2bf58f
SHA1: c8cbae51c0d5ccaf8cefd43834893204bf6081dd
SHA256: 51b41792d3e73abdcb83e89e005cf3e188c9caac9cfdc2dcf7c5367c6fd65ceb
SHA512: 395c5a9a2c2b636ecebcf436128215d582c6a30e89a58fb7ae27b8eddd7b5be1f8b72e43880233cfd2fcf761aa5a1b50f6fde026462bc72db2bacee37caf50cf
-
Filesize: 5KB
MD5: 222e24ffc055db73c5841c491d85adf6
SHA1: 065ca575b195f877387acf7b18466d20f4f8cb53
SHA256: ed95169334ef5f0e95ae4c9731ad84be80a9e4e23180124268b80d0063064def
SHA512: 9c21e623741129df1b99651b6e61e90d176bd03a3d245c63926e309bb5b602e941112d74f8e221510d93688fdb52339904d6734d5b6bdd891ee60442857a6565
-
Filesize: 6KB
MD5: 64d42b05ea090e5be84d076a5c4f7760
SHA1: 4edceb569d0ed49a06cefb5d0660974623d33397
SHA256: 10976fe96b14f2bfe8adc3eb43ea03ca2d45b7b02c9f3206fe02f559ea78c2f1
SHA512: b9af579ba936bf01369aa7512bd0ee9dd0d83e6b5bdaa87fd623632700b59ffe217dca9a5ff2477968f5c2bbba41cd1e3401c123e50ba1e9419806e6892aa7b2
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 10KB
MD5: f232510c8aebc5d92276585f72ae0c09
SHA1: a0964f62c4b8800e81ce61d5168690d5db2a37d4
SHA256: 8a7bdd66f5ece82ad6ad47e34c52c038e81c95ffa20f07db2b451b7453c50cf9
SHA512: b18d9180ac87b341e5321bead711a8975fd97df15558fdf76fc447ff4ac8ca20803ac75582481585cb624efff188773b5564ff8710469ec591efc30187861415
-
Filesize: 10KB
MD5: 9a02345b6c81c18d0d00623c385e0db5
SHA1: d5af5f05f98c56fca737180e5269ab43a8cb50aa
SHA256: ca35ea3997ace2489273c4b0aaa35094537237287697f9c29f30b6b8b9769a60
SHA512: c651c9e2ed027b2eb52ea5dfd7ae254fb0fb1d91c21a927d7261734b2494f466bd343e11168b183e76a5a44082aa109f9b312ec969b0369f1b683294a7ad301e
-
Filesize: 8B
MD5: cf759e4c5f14fe3eec41b87ed756cea8
SHA1: c27c796bb3c2fac929359563676f4ba1ffada1f5
SHA256: c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
SHA512: c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b