Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
20/09/2023, 02:12
230920-cnbflsff36 9Analysis
-
max time kernel
147s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
20/09/2023, 02:12
General
-
Target
Origin/Origin.exe
-
Size
2.2MB
-
MD5
106c6437e141c3ce50ccb6bab796e898
-
SHA1
07c06b243e2ebbd18e9e978b1a1c466ad373e64d
-
SHA256
02316eeb6cd43c45a63c9f0fcd43d2cc501a66bb75677ccbd57cb5da9fb78c3b
-
SHA512
2dff135be0efc19f96990d73755fa8a7c0cd64235489ed1d2743897eb929cd18f3e52535657232f03cc8d955b2fc1b5f0400825e942b019e13e2b2e5016001d9
-
SSDEEP
49152:MB+Kc09fBm9Xyuc/hAhQDl6fR3V2BTzIJa6:MB1JPm9eAhml6ZEBo
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Origin\Origin.exe"C:\Users\Admin\AppData\Local\Temp\Origin\Origin.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gateway.platoboost.com/a/3?id=C05DD04C90DDB6C88A1EEE127C63727F2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa446d46f8,0x7ffa446d4708,0x7ffa446d47183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7348 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7348 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7312 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6088 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15966516685054690763,4209451177223124357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gateway.platoboost.com/a/3?id=C05DD04C90DDB6C88A1EEE127C63727F2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa446d46f8,0x7ffa446d4708,0x7ffa446d47183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,3041592329094298400,16160341727206536727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:33⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gateway.platoboost.com/a/3?id=C05DD04C90DDB6C88A1EEE127C63727F2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa446d46f8,0x7ffa446d4708,0x7ffa446d47183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gateway.platoboost.com/a/3?id=C05DD04C90DDB6C88A1EEE127C63727F2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa446d46f8,0x7ffa446d4708,0x7ffa446d47183⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
Filesize
5KB
MD549f2f01c72eee9a2eed2ac0a3f0d40ee
SHA1882896171f6c725e834bbfdb7a221f0a456af583
SHA2569bd44a50b4432edc9110d66db109bd400fa2d54afd5c744db25a2d80b92a1fb9
SHA512d59146f98d58645099badf3c91b67f18f4f55519b5fc5e04d912266714c6a97841143c056f564c1873fe4285db352890fa50c79647e5d85a5c38ea1a460c807c
-
Filesize
20KB
MD50eea47c6d27920369cbc8f7f4497cc30
SHA1373af3e3a13e977fea90d46e7e46a7d9b9dcaf16
SHA256ccadaafd2076cb947d4daa2eb8a14685b05271f1596b95a61da782e7cb35f78d
SHA512158bf39cfeee7fd9a50cca90c086ee6ed464f9db45f661584fcbb33cc8602f172071271600a56eb28273d1167788b604d574ab999550c7a8e5d9d12dfba04d0b
-
Filesize
33KB
MD559d87135f30dc9ee3b33ce7f77f2d508
SHA129fe401c42f7f0f4027cec402473a8ddb475bfc9
SHA256e8c47fb2346eb0cdb1341cb75abec213de5ed4b1517bb65e0eed22d0b616c3ec
SHA512c385e805976c67509dcb914709181f5203a982082caeb7299cec3f58fad29ebb61868a427a1bdbdbe0317e7584ebad1e94355bc3f184c09aa785c0ed389d5994
-
Filesize
89KB
MD53ef0d4bfe3594181e1089aa62b2ddbdc
SHA13b0b3a37c118a09117942911068a387dc703c8c6
SHA256b9b2ccf35e92b8442b283c94a768527d13639f9a73ac8100137c1a1ab8c212fa
SHA51255f853626a9ff01945a603fe1693802b9496e4eea7d14d2033106a8f06d49f959a45b16bc67d6d623645ed16b5d1197e9841c0aa6f247331eed2f1ae0bccf059
-
Filesize
89KB
MD5ee991a0833210f728188fcf807f19049
SHA16ee3cfc09dcd8ed85a24a9a0fcf0b599115af525
SHA25666895e2b729f69e4c249847ba3758e2fe400b1656e47ebc8ec3d9daba9283f26
SHA5124cdff6764228be530eaeb2c9d41cd15d89f8f8cf633dacd63f11eb225e207519b28d12bd6a21eec89ecbde454c3c03942f211fb9eb4f38c9a4edbe779b1f33cd
-
Filesize
218KB
MD5fb1628ae1518ac3adb1cc27d91d151ea
SHA15a6c621b2c242cdd360d5577026e5f4a04aa8fe1
SHA25633b5e50dfb3c6ec648a980eb1be7553e216f2619fab2966f434e5c91e4317c3a
SHA512441230e3d2f5264af23d608e2f8822d53f2bc20a014ad384de9f65db0822c56b272b81513739986f789213301b89b400d25cd22b04a9610f437336493a283e67
-
Filesize
336B
MD57eaaf9d3d06bee9850032690d101bad5
SHA17d1353de6b1b1c89e70b72a9098901e76ada1cc6
SHA256c7017b5488e684333db991df34e5c02e86b7f8f3445009f9e8e278997c6fb7ef
SHA512e40eef35e49706e7e77a4d9c213913942421bff0122a0a858a5e4a0d6ee9fde3bc61d926b4079a54769329b74d0c44e2632c7789f1890f12412b43f25fe7c3de
-
Filesize
960B
MD5fe34afe78dae93a414dd73a69b85a080
SHA1632bbc82350a91e4e8c4e095c4c9380aa686876e
SHA2564cc46ce1275430f9276d5874460148b3c9bd56afe40ca79dc849d64304cb5eb0
SHA512edcced654c244bcd4f716816c2e1aa46fb6d7acb94ec039b882ba60cb06683d7047f80f7c5dd82064780a83e79f6c525af5cd219412e41bf383a6863553a18c1
-
Filesize
1KB
MD5a03c90e6076ef6110ae1664e1d93d6d6
SHA1143c4087f6766ebc5e50bdf32ad60b1ff4181a14
SHA256cfaf8a6f3bf9396eafb274d76b6c18802f2d5fe1f55ccfb41db4e358f2a00746
SHA5122ef118fef984bced3f08924646df71ebb410c825a44a1f9b83da047460d2203351702f6afa1db70828fd253fb3502f98ec6cecd5a48c1a3e340aa130b8394e49
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5f5bec011945b9fb1887b5016e1000644
SHA1d164d3dde4db0d56b7c564a7d50d25e0715486f6
SHA25629f5f9c1e91f192ad7d9c5668583174c96328501487cb3622b4bc7617ac323e8
SHA512baa96b31d7ced1714c9a3a5a5ee902856b0298c53e1d630cadf2d94873b91db135eda41836bbfe69360ea1654a5eedf340bb37102bffbba478e0b18225ffeb82
-
Filesize
6KB
MD522a534ff4960006227484061841535ab
SHA162810ea780d437aa7ba88f70623d2ca44ae094e0
SHA25670f5e4a0e7b8412bc42397986049c27ea039d74dbbe1630a9fac25e111fec020
SHA512129ac2f1da2d9b723411ed8273b72377af35e147c688c593835129fcb2ecd41d97f4ef76c7fc557cd439051a1ef752cb82c9bb4ce6ebcdccebe8e2761e9e486e
-
Filesize
6KB
MD504628317d712e9723cb630c8ae805f9c
SHA1a0244b3d53747c9677b87fde76e985251ddbd63c
SHA25623fc8f19e54023f0ecaf6eae95d0424de58f115592d987c423b65cfe216b5705
SHA512ab720020a1c72bdb1d30a809369be32c3cbaf860e021eaf1b9961ab54b30098861853f89c2ddfa9725f88be6b1d75bc5afbc642cb28b153ea2eba047b51bde0a
-
Filesize
8KB
MD59d68b257081f2a05a572ee147ba8ba52
SHA15c586fd2962d7910b74e63d3a86317b53a1559f6
SHA2561af77954c9d3af3536f24d25c7439bee858f01f654100f87288ae47855c58c4e
SHA5123ea9a97bd46e3be69bd16c233428b1fee97000e22b0572f0fcf3f80ee5e5af906c13927766d777aa8e9196ee6f6d241329c32bd2e6ba0ccf9e4e97028f60f4dc
-
Filesize
24KB
MD5d555d038867542dfb2fb0575a0d3174e
SHA11a5868d6df0b5de26cf3fc7310b628ce0a3726f0
SHA256044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e
SHA512d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f
-
Filesize
3KB
MD5a3038ce30a4bf994f84066cea5053b43
SHA1bf919097c182fe1dc8c7a37b37b666f32d5b0f25
SHA256a30209e1579b61face28eb4167c12b81bb49b2be46b6ad5f56a0b9a24aab58ce
SHA5125254d1c88c32a61ce18a59c8208dff557ebe8211494ead8a4d228faa4a198e1fdddba002a7c3e972d7e271c2755429d23c07d37a4f90c8e36b57767520ef91a4
-
Filesize
1KB
MD52e6ba32d8a55efcc9169a5e33fe74541
SHA13bf3a2828d04010008e3059f9fa08a4ccb66337a
SHA256a08c408368e1766c7639cbb5f6174b225264a2d09d2fb415508cfdf9465e5dec
SHA5122f3b9977d8036e7ce9f5f5049c4c205de8aec690769e3407b89a2d12d40ecfb75c40af211bd7e3c0495d50439976207f9c99f750f8d0a4b3d20f1cb2b3748248
-
Filesize
3KB
MD519265f52353b705fefb010e4eedb2354
SHA1b4427a6dc126c6910383bb98a155aeb23645a7b8
SHA25664820f353251646f7a8146d57e60f79957015e89753bd358349abaa0f38bca49
SHA5126f0f592817c4962de6d6acf243d5463cdcf55715ee0b122055e629767028dd04cb3ad038194868022ed74746b7fa7f69e8d26110eff953bca9e1b9a2702b6fcc
-
Filesize
1KB
MD5cd7c7b2976509a8a45e2d66a431c572c
SHA1e28fa6fe5bac343439eae9c529c7e4d522b2b88f
SHA25670da37b56c85ec16fede2cacae704c12710f6d68875e3dbac8a47bc7cfedb906
SHA512a0b422dd3a369a741ae01b8d86d0d8860eb435eae336d1e7f5c7bea5a2a58e3acd2be7e9952529e9aeaeebed17bbd968f29ffb63c17175e0c77dc393e0f0147f
-
Filesize
872B
MD517c5299c0afc2928bc22d5797dc31950
SHA1da9f64f497dafb707e709368081b2152534eca82
SHA25699d2e35f22cec6c8d5836e99cf05d9e90de1e6aad1d7ae234c587b07ffaf349e
SHA51238ac2a99cfe92f62566a1a4501262f26c53d11b351f40a268d8a25600d6023954626956be3a6e5012f858e518b12f10affb84a8656ef841c9f5515ef3f74c66a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
2KB
MD50985ed50b8e4b092dcd0b762709ce322
SHA15ce387bcc3fc9e8866f475e58d2208fd41fe5d40
SHA256c74af3e99f350aa972e4cb2cfb7a403cd622293ff1590941ed6192ad8ace479c
SHA5125113e43eadb389f8f03035bac469e8571a443cabd620c95fbefdabb1bd0ae1a4af72178da8008e754c264803b60e0ad2c5ced3b15b4965a344252b2b75ea4486
-
Filesize
2KB
MD50985ed50b8e4b092dcd0b762709ce322
SHA15ce387bcc3fc9e8866f475e58d2208fd41fe5d40
SHA256c74af3e99f350aa972e4cb2cfb7a403cd622293ff1590941ed6192ad8ace479c
SHA5125113e43eadb389f8f03035bac469e8571a443cabd620c95fbefdabb1bd0ae1a4af72178da8008e754c264803b60e0ad2c5ced3b15b4965a344252b2b75ea4486
-
Filesize
10KB
MD5e66d762e114a780989cc4ae5ab41e9de
SHA1b1d614bb98a26635cc0603506245833a86b4da35
SHA256bf7d29f74e25f362859deb08330dd2c6ecbeb5c71f30185a48a06a5a7f2c47f6
SHA512192af8bab01d5a0c27c5a53d7b300d0a3955f1bdea09e182714f812ecdcf5befc04adc5c0b7ca07eafca915b7c8be9b7f839b69f02c1101c0101e74041e7ba29
-
Filesize
10KB
MD5a7647fb1dcc913b3d86c9afc9698d7a0
SHA1aba21e52ddc817ccd27fa76b7baeef4d516df5b0
SHA256c13e4bf81f7e1eed3ea88bfae1a83cb50dec7e7fabca9a965cda649f1c73aefb
SHA5129d0bc094a5613aa37525a3bb883b93f943e15637df8f8cb3f5c164a4df5e84a78f7b9f1c740b2d24ea249b0df34c7f0a2c13327362c12784a1ec96d370c9faeb
-
Filesize
10KB
MD5879c2ebb8130dab1d53c3acc483170f5
SHA18e5245350fc8c11ea658c7a586519ab210c168f7
SHA256c619fa63048931e60a84734a05059b4cbca191903c6678d098a58e00fa0a8f74
SHA512d9df1aaa45823454417e8a9fe530333b0415dcbfa56264b155ff095fcd6e7da47775cef397ba0b6e06476f0cb9500e19484aaaf03c6df9bf13634a92fe3b6741
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
56KB
-
Filesize
64KB
-
Filesize
224KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
408KB
-
Filesize
4.1MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.2MB