Analysis
- max time kernel: 137s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 14:05
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: DS4Windows/BezierCurveEditor/build.js, win7-20231020-en
- behavioral2: DS4Windows/BezierCurveEditor/build.js, win10v2004-20231023-en
- behavioral3: DS4Windows/BezierCurveEditor/index.html, win7-20231020-en
- behavioral4: DS4Windows/BezierCurveEditor/index.html, win10v2004-20231023-en
- behavioral5: DS4Windows/DS4Updater.exe, win7-20231020-en
- behavioral6: DS4Windows/DS4Updater.exe, win10v2004-20231023-en
- behavioral7: DS4Windows/DS4Windows.exe, win7-20231023-en
- behavioral8: DS4Windows/DS4Windows.exe, win10v2004-20231020-en
- behavioral9: DS4Windows/DS4Windows.exe, win7-20231020-en
- behavioral10: DS4Windows/DS4Windows.exe, win10v2004-20231023-en
- behavioral11: DS4Windows/DependencyPropertyGenerator.Core.dll, win7-20231023-en
- behavioral12: DS4Windows/DependencyPropertyGenerator.Core.dll, win10v2004-20231023-en
- behavioral13: DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll, win7-20231023-en
- behavioral14: DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll, win10v2004-20231023-en
- behavioral15: DS4Windows/FakerInputDll.dll, win7-20231020-en
- behavioral16: DS4Windows/FakerInputDll.dll, win10v2004-20231020-en
- behavioral17: DS4Windows/FakerInputWrapper.dll, win7-20231025-en
- behavioral18: DS4Windows/FakerInputWrapper.dll, win10v2004-20231020-en
- behavioral19: DS4Windows/H.NotifyIcon.Wpf.dll, win7-20231020-en
- behavioral20: DS4Windows/H.NotifyIcon.Wpf.dll, win10v2004-20231023-en
- behavioral21: DS4Windows/H.NotifyIcon.dll, win7-20231020-en
- behavioral22: DS4Windows/H.NotifyIcon.dll, win10v2004-20231025-en
- behavioral23: DS4Windows/HttpProgress.dll, win7-20231025-en
- behavioral24: DS4Windows/HttpProgress.dll, win10v2004-20231020-en
- behavioral25: DS4Windows/ICSharpCode.AvalonEdit.dll, win7-20231023-en
- behavioral26: DS4Windows/ICSharpCode.AvalonEdit.dll, win10v2004-20231023-en
- behavioral27: DS4Windows/Lang/ar/DS4Windows.resources.dll, win7-20231023-en
- behavioral28: DS4Windows/Lang/ar/DS4Windows.resources.dll, win10v2004-20231020-en
- behavioral29: DS4Windows/Lang/cs/DS4Windows.resources.dll, win7-20231020-en
- behavioral30: DS4Windows/Lang/cs/DS4Windows.resources.dll, win10v2004-20231025-en
- behavioral31: DS4Windows/Lang/de/DS4Windows.resources.dll, win7-20231020-en
- behavioral32: DS4Windows/Lang/de/DS4Windows.resources.dll, win10v2004-20231025-en
General
- Target: DS4Windows/DS4Windows.exe
- Size: 465KB
- MD5: e04a76a4b5a4c802eb3c228909f60bbb
- SHA1: 5ebb77a556b04faceba7f89b9b4f13343298889a
- SHA256: f81c1245f856b7764ef90626a708c684f6117f6e2125582b2c5de1d1218b634c
- SHA512: bcfe476f8b01601dd7411e97b7895a340c65c720881cfbea5218f4a2aba8ab8757de19e8729edafbf8c711efe8ccf07a1f16bdf4034855fced43ce0a9bd97331
- SSDEEP: 3072:t8vbzyQ6Y1YXrbNK+3FNxacPEMk6VRQAaTWHAxE53PXJagcxjiitVqDRHFljXfuk:tszAXNK+3FVBRQ9TWgi3P5zMmh
Malware Config

Signatures
- Downloads MZ/PE file

- Drops desktop.ini file(s) (1 IoC)
  File opened for modification: C:\Users\Admin\Videos\Captures\desktop.ini (process: svchost.exe)

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: svchost.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: svchost.exe)

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)

- Modifies registry class (1 IoC)
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3125601242-331447593-1512828465-1000\{C11CDD71-4164-4F2F-BF6B-7858F9A5CFAA} (process: svchost.exe)

- NTFS ADS (1 IoC)
  File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 717750.crdownload:SmartScreen (process: msedge.exe)

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid 3672 msedge.exe (x2), pid 972 msedge.exe (x2), pid 5736 identity_helper.exe (x2), pid 3640 msedge.exe (x4)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid 3672 msedge.exe (x9)

- Suspicious use of FindShellTrayWindow (46 IoCs)
  pid 3672 msedge.exe (x46)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 3672 msedge.exe (x24)

- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 3636 OpenWith.exe

- Suspicious use of WriteProcessMemory (64 IoCs; each source/target pair below is recorded repeatedly in the raw table)
  PID 3516 DS4Windows.exe wrote to memory of PID 3672 (procid_target 94)
  PID 3672 msedge.exe wrote to memory of PID 2316 (procid_target 95)
  PID 3672 msedge.exe wrote to memory of PID 3092 (procid_target 96)
  PID 3672 msedge.exe wrote to memory of PID 972 (procid_target 97)
  PID 3672 msedge.exe wrote to memory of PID 3572 (procid_target 98)
Processes (indented by depth in the process tree)

- C:\Users\Admin\AppData\Local\Temp\DS4Windows\DS4Windows.exe (PID 3516)
  Command line: "C:\Users\Admin\AppData\Local\Temp\DS4Windows\DS4Windows.exe"
  Signatures: Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.10&gui=true
    Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2316)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c42f46f8,0x7ff9c42f4708,0x7ff9c42f4718

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 972)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3572)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2280)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3240)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1580)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 544)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3344)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4684)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2480)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5276)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5284)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5720)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5736)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3640)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3365907250005198801,11037243463295739038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\system32\OpenWith.exe (PID 3636)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Suspicious use of SetWindowsHookEx

- C:\Windows\system32\svchost.exe (PID 2600)
  Command line: C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
  Signatures: Drops desktop.ini file(s); Checks processor information in registry; Modifies registry class

- C:\Windows\System32\CompPkgSrv.exe (PID 4776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3076)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: f4787679d96bf7263d9a34ce31dea7e4
  SHA1: ebbade52b0a07d888ae0221ad89081902e6e7f1b
  SHA256: bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
  SHA512: de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 408B
  MD5: defb15251e5743d4abd1b8f5115a365f
  SHA1: 0e5e5b9d1eafeb70a33a94560d6154222819d394
  SHA256: 33dae0cde2981fa23663508cdd195a655e7c595864486de3cabe9bd9bf887bbd
  SHA512: fdfee61c410203d82d4410429e0a7dd4da1d7b4ae337c89a9e93396b6ef991f49de7b4f38e03054fa2106a8c2c046fa06882d6907846fac67cfa63232f5ad487

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 5KB
  MD5: e4e8f6f1ce2ecda55f06f0a7c3ac5400
  SHA1: e3dc8766ee47688d521ba32fa7b1f94767a5f403
  SHA256: dc5aa27cd8b43e107c8f5a83eeecda83c6944f3ddbf91c0fba2a69acfc84d8a0
  SHA512: 221f3baa2c17908b6085af8c77d8664fcbd94f20d9296d2472e49dab6d8617b2b19415d86ca83c1e9ecaad1b569c878c3e2f1e48adcdebc014b9d20d1dc5c6a0

- Filesize: 5KB
  MD5: ffe559a6dd4dfcca4dd014d08d88629f
  SHA1: d674f6c1ae1eeae38396ba8e1cfd8e18f606446b
  SHA256: 1e6f37ba48267c081cb8b80a33a58bf469dbd3348b7b57ebf0101c187bfcce3f
  SHA512: 3e1d835f834ce0168b0b8a8fd5c6eec4829ae427a7683f1bf2e3fedeaead5c82abcd3f458dbbb6c340310d3be627dfab18ac1d95000efeb52d5e1afb4d3d0d95

- Filesize: 5KB
  MD5: ff52a04cbdc9bd9d7f16a45675459cd1
  SHA1: 969f65826da03c443ee78c9347e036be445d059b
  SHA256: fd674cd32db525e1d602ed4a86110fb820e234d9b0b03ead71af479a219a408d
  SHA512: 39631e27caaa96f207b776c924d9e110d5ef4865474d65cd247e12cb01de6a6a5e0b6c359e26ea81a1f6b656306e699112b08a8a8979ed29dc8dd10eeede2453

- Filesize: 24KB
  MD5: 3a748249c8b0e04e77ad0d6723e564ff
  SHA1: 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
  SHA256: f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
  SHA512: 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

- Filesize: 874B
  MD5: 65156a2e2244f8ad1c5a7e2be903ae0c
  SHA1: d95f20b7fc9aaf89a69dc132b40c408fc1f10dbe
  SHA256: c8248e8de83226f0064f7c2c9ef84e223194f20992c8fcb2848dc5c67bd52557
  SHA512: eed780727d701ba7f2ebcfbc7dbbaa7055a8deb60d3ad310ea869590d15bc6d390e47eee0a7c3302ada9b74e62bfa4fcba1917acfcdfee0fe55c735e2393677a

- Filesize: 706B
  MD5: 1ffa85465eaa9c28889a4d444c646dc2
  SHA1: df9d6363fbdefe0311a8b5930c7ff0a3eefa5dac
  SHA256: fbfd668f96206ff283a2e554d92842d4b88ba48a8face8c8cff199e70bff1a4f
  SHA512: 59a29c02d1965dbc120cc2adeac71ea7145ccc6230b28e158037641da618802f682eda0f66d454b050989453c945ba557c0204613c6292853473c9c675994e2a

- Filesize: 874B
  MD5: ac452d28db1be2d8508d0bf8be8a0ec0
  SHA1: 449cdb0dca1ef9ff7e62b8653c0f96d1036c81da
  SHA256: 2eea554137e533386f048e3aa709b61b74e04505802a482001d965cbdae50cf2
  SHA512: ab5dd5fbb5f6e320fda0caa20ef2ff581de925d015837ef1276f0e2eeb04afd9789e2fe1ac1cde1dff079d912299d211434af0597164f94920f152566ea55464

- Filesize: 706B
  MD5: 370b8e18c98e988e02258089ca261b28
  SHA1: cb8bb2751f29aa1738ebd147d30a29023e9799ec
  SHA256: 4a8679a5219feeebade7df88a32b0e894380962a4494b82d8a984b5447e0cd94
  SHA512: da98596423c4fd4c9ce18fca1169310692353325f3d3c9b3e1b1a82cf54c63abb3394c136b44e6b61cccbed2ea285e8204e32f0c0b4732f27cffa1347e7f34f5

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6c6940b-716e-400b-be35-71c06a60b6c5.tmp
  Filesize: 1KB
  MD5: ebd8ce0db68dd00d97ddc772e98ffc95
  SHA1: 91f3478ac7222e04951f65e70e001aa5eae0f5f0
  SHA256: bdcc9449293352681b5219c1adc8e96e12e4f681e7182891b0429496d4bdf7e5
  SHA512: 28e2a7c6e8cbfd9c1ac630a89aa4dce40b01b70ed67b88aa114944f6efaddd7321cde9263285960f7f6643dedca5dcde174ef3931376a5ff85388d1ab45a4a7b

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: c7df65ae9f40ef3575c0938456163d07
  SHA1: d59a9f825e7b58f8a4ebe4dba699274a81fbdfb8
  SHA256: ae07671fae98a22a3d5cbb09f37f0caec48861d0800ebc5f56255021f70b13c8
  SHA512: 6058e1276cd8d417f7b9a3035ebfe721d20b61a6e5cf4efa4bb3983a44e12d5afaca7ac44abfda535a96f7754be8360141881cee2373ce2a3c898bdf0d3a62ae

- Filesize: 190B
  MD5: b0d27eaec71f1cd73b015f5ceeb15f9d
  SHA1: 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
  SHA256: 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
  SHA512: 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c