Overview
  Score: 10
Static
  Score: 10
Behavioral tasks (sample, platform, score; "-" where no score was shown):
  Malware-da...00.exe   windows7-x64         -
  Malware-da...00.exe   windows10-2004-x64   -
  Malware-da...ws.exe   windows7-x64         6
  Malware-da...ws.exe   windows10-2004-x64   6
  Malware-da...as.exe   windows7-x64         1
  Malware-da...as.exe   windows10-2004-x64   1
  Malware-da...ck.exe   windows7-x64         1
  Malware-da...ck.exe   windows10-2004-x64   1
  Malware-da...V2.exe   windows7-x64         10
  Malware-da...V2.exe   windows10-2004-x64   10
  Malware-da...er.exe   windows7-x64         1
  Malware-da...er.exe   windows10-2004-x64   1
  Malware-da...an.exe   windows7-x64         1
  Malware-da...an.exe   windows10-2004-x64   1
  Malware-da...up.exe   windows7-x64         1
  Malware-da...up.exe   windows10-2004-x64   1
  Malware-da...nt.exe   windows7-x64         -
  Malware-da...nt.exe   windows10-2004-x64   -
  Malware-da...ye.exe   windows7-x64         -
  Malware-da...ye.exe   windows10-2004-x64   -
  Malware-da...ry.exe   windows7-x64         10
  Malware-da...ry.exe   windows10-2004-x64   10
  Malware-da...op.exe   windows7-x64         7
  Malware-da...op.exe   windows10-2004-x64   7
Resubmissions
  submitted           analysis id         score
  27/05/2024, 22:11   240527-14ae9ada43   10
  27/05/2024, 21:15   240527-z3zhbabd59   10
  13/02/2024, 12:11   240213-pcwzdshd2w   10
  13/02/2024, 12:08   240213-pa6qtahc7y   10
  18/12/2023, 08:13   231218-j4g2nabaf5   10
  05/12/2023, 08:54   231205-kt32taae27   10
  05/12/2023, 07:41   231205-jjdthahh6w   10
  05/12/2023, 07:38   231205-jgmcvshh5x   10
  26/11/2023, 09:39   231126-lmxf5agd87   10
Analysis
  max time kernel: 147s
  max time network: 146s
  platform: windows10-2004_x64
  resource: win10v2004-20231222-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 13/02/2024, 12:08
Behavioral tasks (task, sample, resource):
  behavioral1    Malware-database-main/000.exe                 win7-20231215-en
  behavioral2    Malware-database-main/000.exe                 win10v2004-20231215-en
  behavioral3    Malware-database-main/ChilledWindows.exe      win7-20231215-en
  behavioral4    Malware-database-main/ChilledWindows.exe      win10v2004-20231222-en
  behavioral5    Malware-database-main/Christmas.exe           win7-20231215-en
  behavioral6    Malware-database-main/Christmas.exe           win10v2004-20231215-en
  behavioral7    Malware-database-main/CookieClickerHack.exe   win7-20231215-en
  behavioral8    Malware-database-main/CookieClickerHack.exe   win10v2004-20231215-en
  behavioral9    Malware-database-main/Electron V2.exe         win7-20231215-en
  behavioral10   Malware-database-main/Electron V2.exe         win10v2004-20231215-en
  behavioral11   Malware-database-main/Flasher.exe             win7-20231129-en
  behavioral12   Malware-database-main/Flasher.exe             win10v2004-20231215-en
  behavioral13   Malware-database-main/MEMZ Trojan.exe         win7-20231215-en
  behavioral14   Malware-database-main/MEMZ Trojan.exe         win10v2004-20231222-en
  behavioral15   Malware-database-main/Popup.exe               win7-20231215-en
  behavioral16   Malware-database-main/Popup.exe               win10v2004-20231222-en
  behavioral17   Malware-database-main/PowerPoint.exe          win7-20231215-en
  behavioral18   Malware-database-main/PowerPoint.exe          win10v2004-20231215-en
  behavioral19   Malware-database-main/RedEye.exe              win7-20231215-en
  behavioral20   Malware-database-main/RedEye.exe              win10v2004-20231215-en
  behavioral21   Malware-database-main/WannaCry.exe            win7-20231215-en
  behavioral22   Malware-database-main/WannaCry.exe            win10v2004-20231222-en
  behavioral23   Malware-database-main/butterflyondesktop.exe  win7-20231215-en
  behavioral24   Malware-database-main/butterflyondesktop.exe  win10v2004-20231222-en
General
  Target: Malware-database-main/butterflyondesktop.exe
  Size: 2.8MB
  MD5: 1535aa21451192109b86be9bcc7c4345
  SHA1: 1af211c686c4d4bf0239ed6620358a19691cf88c
  SHA256: 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
  SHA512: 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
  SSDEEP: 49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  pid   Process
  4988  butterflyondesktop.tmp
  3532  ButterflyOnDesktop.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  description      ioc                                                                                                                           Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop  butterflyondesktop.tmp
Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory (6 IoCs)
  description                   ioc                                                       Process
  File created                  C:\Program Files (x86)\Butterfly on Desktop\unins000.dat  butterflyondesktop.tmp
  File created                  C:\Program Files (x86)\Butterfly on Desktop\is-015M0.tmp  butterflyondesktop.tmp
  File created                  C:\Program Files (x86)\Butterfly on Desktop\is-QRO5O.tmp  butterflyondesktop.tmp
  File created                  C:\Program Files (x86)\Butterfly on Desktop\is-S7VRO.tmp  butterflyondesktop.tmp
  File created                  C:\Program Files (x86)\Butterfly on Desktop\is-HP6E0.tmp  butterflyondesktop.tmp
  File opened for modification  C:\Program Files (x86)\Butterfly on Desktop\unins000.dat  butterflyondesktop.tmp
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs; identical rows collapsed with a count)
  pid   Process              count
  2096  msedge.exe           2
  3348  msedge.exe           2
  3468  identity_helper.exe  2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs; identical rows collapsed with a count)
  pid   Process     count
  3348  msedge.exe  11
Suspicious use of FindShellTrayWindow (27 IoCs; identical rows collapsed with a count)
  pid   Process                 count
  4988  butterflyondesktop.tmp  1
  3532  ButterflyOnDesktop.exe  1
  3348  msedge.exe              25
Suspicious use of SendNotifyMessage (25 IoCs; identical rows collapsed with a count)
  pid   Process                 count
  3532  ButterflyOnDesktop.exe  1
  3348  msedge.exe              24
Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed with a count)
  description                         pid   Process                 procid_target  count
  PID 2928 wrote to memory of 4988    2928  butterflyondesktop.exe  83             3
  PID 4988 wrote to memory of 3532    4988  butterflyondesktop.tmp  93             3
  PID 4988 wrote to memory of 3348    4988  butterflyondesktop.tmp  94             2
  PID 3348 wrote to memory of 1664    3348  msedge.exe              95             2
  PID 3348 wrote to memory of 4604    3348  msedge.exe              96             40
  PID 3348 wrote to memory of 2096    3348  msedge.exe              97             2
  PID 3348 wrote to memory of 1368    3348  msedge.exe              98             12
Processes (indented by nesting level; "Level N" is the depth shown in the tree)
Level 1: C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe"
  PID: 2928
  - Suspicious use of WriteProcessMemory
  Level 2: C:\Users\Admin\AppData\Local\Temp\is-NE61N.tmp\butterflyondesktop.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-NE61N.tmp\butterflyondesktop.tmp" /SL5="$6006A,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe"
    PID: 4988
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Program Files directory
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    Level 3: C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
      Command line: "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
      PID: 3532
      - Executes dropped EXE
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
    Level 3: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
      PID: 3348
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x44,0x114,0x7ffe5b0346f8,0x7ffe5b034708,0x7ffe5b034718
        PID: 1664
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        PID: 4604
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        PID: 2096
        - Suspicious behavior: EnumeratesProcesses
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
        PID: 1368
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        PID: 3308
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        PID: 1220
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        PID: 3432
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
        PID: 1340
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        PID: 808
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
        PID: 1280
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
        PID: 1732
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
        PID: 1072
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
        PID: 3468
        - Suspicious behavior: EnumeratesProcesses
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
        PID: 2820
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
        PID: 1448
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
        PID: 4788
      Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12807144930957365702,5545969871727516137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
        PID: 976
Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2524
Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2556
Network
MITRE ATT&CK Enterprise v15
Downloads