Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
170s -
max time network
179s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
06/11/2022, 11:17
Behavioral task
behavioral1
Sample
6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe
Resource
win10v2004-20220812-en
General
-
Target
6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe
-
Size
941KB
-
MD5
da438e70421f3aba0c8f797111208327
-
SHA1
ddae71afdcb1cf566c8348314feba24f9bf943ab
-
SHA256
6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5
-
SHA512
2b196df7b5df7cad8f91a57911a1c8cbc51ef79dbb6bc2b5449ed151c1f5189d6de32181f0f9f1c60b323feabbeca866ff1581177bb70c2b020346a7f0781856
-
SSDEEP
24576:YNGsFQuK47Uh2CubV4+TQzJcrPes0pFQ97vbUkKAjG:Y8sFQ3pqbq+TYJcrW1FUj
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification \??\c:\Windows\SysWOW64\pkl.dll 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\97af4602-10c8-4f8a-8ef1-51bbd611ccfe.tmp setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221106144340.pma setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 1964 msedge.exe 1964 msedge.exe 1648 msedge.exe 1648 msedge.exe 5068 msedge.exe 5068 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 3504 identity_helper.exe 3504 identity_helper.exe 364 msedge.exe 364 msedge.exe 364 msedge.exe 364 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid Process 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 532 msedge.exe 532 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2264 wrote to memory of 532 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 79 PID 2264 wrote to memory of 532 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 79 PID 2264 wrote to memory of 1656 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 80 PID 2264 wrote to memory of 1656 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 80 PID 1656 wrote to memory of 4972 1656 msedge.exe 82 PID 1656 wrote to memory of 4972 1656 msedge.exe 82 PID 532 wrote to memory of 4248 532 msedge.exe 81 PID 532 wrote to memory of 4248 532 msedge.exe 81 PID 2264 wrote to memory of 1776 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 83 PID 2264 wrote to memory of 1776 2264 6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe 83 PID 1776 wrote to memory of 704 1776 msedge.exe 84 PID 1776 wrote to memory of 704 1776 msedge.exe 84 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 1656 wrote to memory of 2300 1656 msedge.exe 87 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89 PID 532 wrote to memory of 2376 532 msedge.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe"C:\Users\Admin\AppData\Local\Temp\6045f4c84d9884ced4863591d4f5d1de92b5473ff71e221a0992b730565f38f5.exe"1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-kommunity.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:532 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ff9072e46f8,0x7ff9072e4708,0x7ff9072e47183⤵PID:4248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:23⤵PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:83⤵PID:760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:13⤵PID:1464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:13⤵PID:1360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:13⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:13⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6028 /prefetch:83⤵PID:2044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:13⤵PID:3860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:13⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:13⤵PID:2392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6312 /prefetch:83⤵PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:13⤵PID:2568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:13⤵PID:2412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:13⤵PID:1156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:83⤵PID:3752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
PID:4260 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0xe0,0x258,0x7ff72f935460,0x7ff72f935470,0x7ff72f9354804⤵PID:2764
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:13⤵PID:3716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7164 /prefetch:83⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1116 /prefetch:83⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:13⤵PID:520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,945493036573471777,12712108713035341299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:83⤵PID:1460
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://goo.gl/VTRUf72⤵
- Suspicious use of WriteProcessMemory
PID:1656 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9072e46f8,0x7ff9072e4708,0x7ff9072e47183⤵PID:4972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3899479012724882569,14811519297768352390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:23⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3899479012724882569,14811519297768352390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-kommunity.com/2⤵
- Suspicious use of WriteProcessMemory
PID:1776 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9072e46f8,0x7ff9072e4708,0x7ff9072e47183⤵PID:704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12379555563419695435,4139875050798959476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵PID:3440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12379555563419695435,4139875050798959476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:404
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3380
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2568
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize471B
MD506e3cef80fe5645cb7c1b2b4025128db
SHA1e61333d10927ecbe16ffa687984114d822c20ff9
SHA2565b61d98d3d600e77dc9c68cb5addc87a1ba8240f8e28c62cc58f0d80db6080e2
SHA5127e7d71a51c1b8b2b5940a2bf801b19117b33df02171523828bf72939cb275c86ee07c3954aa1ea561c3b28035baf1e0b01d40bdd751dac4e5c83bd948e524d28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize471B
MD506e3cef80fe5645cb7c1b2b4025128db
SHA1e61333d10927ecbe16ffa687984114d822c20ff9
SHA2565b61d98d3d600e77dc9c68cb5addc87a1ba8240f8e28c62cc58f0d80db6080e2
SHA5127e7d71a51c1b8b2b5940a2bf801b19117b33df02171523828bf72939cb275c86ee07c3954aa1ea561c3b28035baf1e0b01d40bdd751dac4e5c83bd948e524d28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize442B
MD573549626f45f55b5e2aaeb69f8ad42b5
SHA1c287bb1a7d784d35363b4d4ace3e7a1e7b39fed1
SHA2564eb7a62149ce17eabbcb62f68ce19634a6d4ffeab44cec8a798300b5280db6a3
SHA512f90ea20172da2ab44648e281e36e53e56aaae1150be23c14c430f582d04e3315c0154f9edb5904effa0d59c9e031969ede1fac211cb0a4ab0dfbc8a9044db7f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize442B
MD573549626f45f55b5e2aaeb69f8ad42b5
SHA1c287bb1a7d784d35363b4d4ace3e7a1e7b39fed1
SHA2564eb7a62149ce17eabbcb62f68ce19634a6d4ffeab44cec8a798300b5280db6a3
SHA512f90ea20172da2ab44648e281e36e53e56aaae1150be23c14c430f582d04e3315c0154f9edb5904effa0d59c9e031969ede1fac211cb0a4ab0dfbc8a9044db7f5
-
Filesize
152B
MD5727230d7b0f8df1633bc043529f5c15d
SHA15b24d959d4c5dcf8125125dbee37225d6160af18
SHA25654961bcb62812886877fcd3ad3896891099cc4bddc51ea6f07a606cf5124d998
SHA51235735f0dadf7ee69bcccd5e9120d6a55db39138eff58acbe4ea8116fb007c54a024028dccd5f25856ffcf33e1f3bdccfd8d0e2527130a16351debb04c27b8df9
-
Filesize
152B
MD5727230d7b0f8df1633bc043529f5c15d
SHA15b24d959d4c5dcf8125125dbee37225d6160af18
SHA25654961bcb62812886877fcd3ad3896891099cc4bddc51ea6f07a606cf5124d998
SHA51235735f0dadf7ee69bcccd5e9120d6a55db39138eff58acbe4ea8116fb007c54a024028dccd5f25856ffcf33e1f3bdccfd8d0e2527130a16351debb04c27b8df9
-
Filesize
152B
MD5727230d7b0f8df1633bc043529f5c15d
SHA15b24d959d4c5dcf8125125dbee37225d6160af18
SHA25654961bcb62812886877fcd3ad3896891099cc4bddc51ea6f07a606cf5124d998
SHA51235735f0dadf7ee69bcccd5e9120d6a55db39138eff58acbe4ea8116fb007c54a024028dccd5f25856ffcf33e1f3bdccfd8d0e2527130a16351debb04c27b8df9
-
Filesize
152B
MD5727230d7b0f8df1633bc043529f5c15d
SHA15b24d959d4c5dcf8125125dbee37225d6160af18
SHA25654961bcb62812886877fcd3ad3896891099cc4bddc51ea6f07a606cf5124d998
SHA51235735f0dadf7ee69bcccd5e9120d6a55db39138eff58acbe4ea8116fb007c54a024028dccd5f25856ffcf33e1f3bdccfd8d0e2527130a16351debb04c27b8df9
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
Filesize
2KB
MD55335c54ac1a942a824ce580e384259b4
SHA19b3daba6722a0b2598ba63a9e00bdf2bcb9c9e1a
SHA25668aed770ee7f7da23db5287374e258f3cd7d82ffb05e6add62976a70bcac5e8c
SHA51275b54089e14d0d6f1350eae0e02f0c92178ad3ff967197b483c261cd5f45c2f27e95ddc4e133bb2980b544642150f4e590add82eca62ab459b7b99ea29feafad
-
Filesize
2KB
MD5f66d0e732df846e2f54832138f175fcb
SHA1a7ef84e58975f843dfcb2c4c0e612114a7c36edc
SHA256439a7816543dc46ce864af48ff716d635e4e705f6e43ad369f4b14266e414d5d
SHA512bdf48af06956bdc4cb257bece3210ac76bbe35e52c2c3173ffe8497993998334a644438f41494c0c125e5239b91dacaa735bddc32cfb32b3cc6b50034a57fb62
-
Filesize
2KB
MD5f66d0e732df846e2f54832138f175fcb
SHA1a7ef84e58975f843dfcb2c4c0e612114a7c36edc
SHA256439a7816543dc46ce864af48ff716d635e4e705f6e43ad369f4b14266e414d5d
SHA512bdf48af06956bdc4cb257bece3210ac76bbe35e52c2c3173ffe8497993998334a644438f41494c0c125e5239b91dacaa735bddc32cfb32b3cc6b50034a57fb62
-
Filesize
2KB
MD55335c54ac1a942a824ce580e384259b4
SHA19b3daba6722a0b2598ba63a9e00bdf2bcb9c9e1a
SHA25668aed770ee7f7da23db5287374e258f3cd7d82ffb05e6add62976a70bcac5e8c
SHA51275b54089e14d0d6f1350eae0e02f0c92178ad3ff967197b483c261cd5f45c2f27e95ddc4e133bb2980b544642150f4e590add82eca62ab459b7b99ea29feafad