Analysis

max time kernel: 121s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20250314-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/04/2025, 02:44

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pajak.vbngo.com
Resource: win10v2004-20250314-en

General

Target: https://pajak.vbngo.com
Malware Config

Signatures

GoldDigger
GoldDigger is Android malware, first seen in June 2023, that targets various Vietnamese banking applications.

GoldDigger payload (2 IoCs)
resource | yara_rule
behavioral1/files/0x0008000000024277-342.dat | family_golddigger
behavioral1/files/0x0008000000024277-342.dat | family_golddigger

Golddigger family

Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis.
Drops file in Program Files directory (13 IoCs)
description | ioc | Process
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1680432944\sets.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1680432944\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_2058109790\_metadata\verified_contents.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1611776723\protocols.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1611776723\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1680432944\LICENSE | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1680432944\_metadata\verified_contents.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_2058109790\keys.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_2058109790\LICENSE | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_2058109790\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_2058109790\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1611776723\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2364_1680432944\manifest.json | msedge.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133896771094254227" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Modifies registry class (3 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{ABC3E67E-3B78-4849-A0F2-BE36C054C32C} | msedge.exe
Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid | Process
4556 | powershell.exe
4556 | powershell.exe
4556 | powershell.exe
332 | msedge.exe
332 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 4556 | powershell.exe
Suspicious use of FindShellTrayWindow (9 IoCs)
pid | Process
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe
2364 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- msedge.exe (PID 2364)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pajak.vbngo.com
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 5164)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff974d4f208,0x7ff974d4f214,0x7ff974d4f220
  - msedge.exe (PID 1372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
  - msedge.exe (PID 3440)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
  - msedge.exe (PID 3048)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8
  - msedge.exe (PID 3688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  - msedge.exe (PID 2092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  - msedge.exe (PID 4352)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8
  - msedge.exe (PID 2392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
  - msedge.exe (PID 5812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
  - identity_helper.exe (PID 2940)
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  - identity_helper.exe (PID 1252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  - msedge.exe (PID 5672)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
  - msedge.exe (PID 5092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5584,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
  - msedge.exe (PID 5056)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
  - msedge.exe (PID 3084)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
  - msedge.exe (PID 964)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
  - msedge.exe (PID 3252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6620,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
  - msedge.exe (PID 5360)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5648,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  - msedge.exe (PID 3784)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:8
  - msedge.exe (PID 5564)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5284,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
  - msedge.exe (PID 4552)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=872,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
  - msedge.exe (PID 332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5804,i,10112156248675762358,16596168294895725301,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
- elevation_service.exe (PID 5956)
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
- cmd.exe (PID 4216)
  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  - msedge.exe (PID 4640)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
- rundll32.exe (PID 6040)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- cmd.exe (PID 2196)
  "C:\Windows\System32\cmd.exe"
  - powershell.exe (PID 4556)
    powershell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v16
Downloads