Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
30/12/2024, 20:44
241230-zjcjfazrhy 826/11/2024, 18:42
241126-xche1atnb1 826/11/2024, 18:41
241126-xbwk8stnat 411/04/2024, 09:32
240411-lhs8xagf79 1011/04/2024, 09:21
240411-lbmgsage63 10Analysis
-
max time kernel
841s -
max time network
846s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
30/12/2024, 20:44
General
-
Target
https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: LoadsDriver 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8f65246f8,0x7ff8f6524708,0x7ff8f65247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7044 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7052 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7380 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8164 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6624f5460,0x7ff6624f5470,0x7ff6624f54803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7940 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8504 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,14058399092024217394,2407355782441529290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50d57a449c855203411a38d5ae80bc24c
SHA1b361032efa556fc4557bbad595ce89c4b0c13dba
SHA256bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21
SHA5128d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3
-
Filesize
152B
MD577fe0ce7e1f9c9ec2f198ad2536bf753
SHA12a366472f227a24f3c0fba0af544676ea58438d7
SHA256c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00
SHA512e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
48B
MD5c835b30cced9b00bd0568caa0e3742d2
SHA1707735e27b0701e8740b44c1297c8364b506cf39
SHA2567d64690a55d55a47f78a1066b6ae47c47462d9c612dd3e326b52fdac0f0183ba
SHA51219a715abd6a62c9613006dc17e35b3cc079b26fc4a3cec69d1dba8dbfb0670fc0040896cb04070433b0b6356b5fd5553f1b1d494437c1632d71187d9f5c04391
-
Filesize
408B
MD51b84e926aedc3fa9cb8935abd3b7ab5b
SHA1b86f918e6ff34cf1a391e7e4f46f5100cb58a0b4
SHA2568bd7f09580fa5840e0b4e974501dcaf63e16e6d49c67c553238cf669df67feed
SHA512c31d1268d45ab4a44c7f22cfc472c63c295c14d443b03568fd002c729bffd22c386ec137bb3dc68de0b601f130d12b78fcd6d95d533c3fe970a7ec09fd32c447
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
4KB
MD58bf3981b44c1a316109bd9c87bffc3f6
SHA154c390a49f15cc9bbac81af7b5d8efbf2ab20668
SHA25622cc905d9679dc651a45dacf99a6891abbf1b71e655fccb7f2301be0478555e1
SHA512227793aeb1cb666f657d38b7347de4e5b727c1d0d4634b0a3f9fff3c8133becece9258670fcd2eedf23c239b55b173aecfed4459b9422ddce4003f21aec886fe
-
Filesize
4KB
MD5d8c407627639eee7e0cf7a483cc411c8
SHA181799e488191b377784b189710e027375c5c10de
SHA2566b0a5b511da5a30f81f2f3db984f3f45d7a8ae469c27b3391fa65112b7c73eaf
SHA512fbfd3b6e99ae56ce60020a8d264a49359d1ebfa79d054a95ae731ac8c35b8f55f7cdf904ca678a25409f08f9c2ce0033e5f2d6770241a0e35e4d2f45e1910041
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
5KB
MD576606cafc3083242ec501724112af75a
SHA1f5371825960265d151afd868d5137ef811341de1
SHA256006dfe544338a5834e69dc9032e95139d54101878ffd5dfbd7f20c742b72d8a3
SHA512d99fafb6eb70dc86b422a3d46c989c074baebe6629ea815d57edd13fc5669b9d963c1c90c81297956df0705f9686efe6e525d49bdadf7aa1566ccce5e4232015
-
Filesize
6KB
MD5b31f70ce8a22e5ccb1117b3f52599b71
SHA1c6b21bf28e804b422944b639f9b0dccff0558606
SHA25644913a0175f8c5262ecbe682ea4164f5cbc5ee30b14837eba0756bf68a532271
SHA512114e41eec176531ec7e5799684386df90bfa027a784afeef8989c8ae03a29b2e18ca1ada0b3d659b93139e0bab1608d0bc0f132412ea5b5b48fcb3361aef7454
-
Filesize
7KB
MD55e7a1c209f377ad1b81a1470859e245f
SHA1fd24bb2f036e32eb85bdc1c6a9e8fc8eb3f8d05c
SHA256be6d7ddb5f69e891998c763dd221866d4017f72518af42b0a6cced63d021d523
SHA512ffae74af68757eb29ac375a1d42bc763bf821213a9c5d0b6fcbd4437609868d91e08f6a97e1586f52ace1cad8ab262f56e9c5bd4f73deaf692af9d3f488726b8
-
Filesize
24KB
MD59b2345e425acf05ffaa1dee20d4fdbe7
SHA1aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3
SHA2561eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14
SHA512647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208
-
Filesize
24KB
MD577006dacd174a80aa9b867f95d5df337
SHA17078db638c72ee5cf4ede7911e4421cc4ae103c7
SHA2565e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9
SHA512e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD57f1c07d4aef9930ffc9c98b08d5f2c3f
SHA1bdf8949f83c0841a5b942c1b8b7d92383a7fce3a
SHA256cf1039b34100cf55d96965c84cdd16a810df2a893eac18dde2e553da9af76f0d
SHA512b3b431fe6dd6b7b2c12dfbdf449226f48c159b00f231c9560175cb46b58a88dc734f79ec1262d0a11f7360bff00c6b4136732c15b0da3baa0373c5be3cf03e65
-
Filesize
1KB
MD58a538364647d883cca4a4f7da583d2fd
SHA1329ea8d5a6211f021797060a64ce871a92b78207
SHA25662b3bb0fd093a65daa79a3770217dfefae17420cb170cd1610af8b7e652bf8fe
SHA5124e3acccc522f2170ae4db5b5685ecb243f9c64963bab48e2cec4bd589266e7af7d0e0601cde376b0d610b3e09581547f76879ce8b31fed963595d95b10ce5648
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD58b7bb027d78d50aff95eadae35ba3e93
SHA168c9a509dab29ddd21da29896e140805fc85fed6
SHA2564d4d923aa0c7028787e24b20131a5febb4165a27a568870d74f88dc1da289279
SHA512cdd4367597de0be7b58f3f97c7b63da645fc17f1011f1bcc1d6a765e3c3030d82ed3818f1ecc222431668e9812bbf4fca2dc7b0121d417c1c76905e51c0a328d
-
Filesize
3KB
MD57b0402437f1b220448464e040ca35d83
SHA1ff80a7c207aee29bcdedb544bc1535c318500461
SHA2567ee687fe43198e1334856a93aab9b4933e66f34ea894fd86565012c16750834c
SHA51262104674aa32ced6e9da917fa6a4a32b332659cd6f6a8501ddf73002294e90199ea577eb80b82c07dc41df9c4c1e37056b7d745c8343cb353924ea48ae848f1d
-
Filesize
3KB
MD52998ff5563493eed49ac1ff7b59faffa
SHA1eded5c3a1a0c1c411076deee2f8124131fafed6d
SHA256306fb83c20495f1b450e3294ab5fc0725deb5d9af95599918640378017909eee
SHA5120e4ada8eb85c6eed328d1bc5cf44e95b0c47fb4aa329a9ec555879ce5ef3aec152718494ef38a91903f16329302f19459d0690ddf7acd071a611f8984889493d
-
Filesize
4.4MB
MD57399ebe1e1b9c99f3cb4a2521d424384
SHA17a560782421feb72b1e84f162cf0abd0809fda28
SHA2564704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f
SHA51280b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d