Analysis
-
max time kernel
265s -
max time network
275s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20/02/2024, 06:40
General
-
Target
https://steamrip.com/class-of-09-the-re-up-free-download/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamrip.com/class-of-09-the-re-up-free-download/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9875a46f8,0x7ff9875a4708,0x7ff9875a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6300 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2032 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,2606154526347334645,12811375121351025409,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9072 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5eb20b5930f48aa090358398afb25b683
SHA14892c8b72aa16c5b3f1b72811bf32b89f2d13392
SHA2562695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35
SHA512d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8
-
Filesize
24KB
MD52bbbdb35220e81614659f8e50e6b8a44
SHA17729a18e075646fb77eb7319e30d346552a6c9de
SHA25673f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd
SHA51259c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899
-
Filesize
194KB
MD5ac84f1282f8542dee07f8a1af421f2a7
SHA1261885284826281a99ff982428a765be30de9029
SHA256193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0
SHA5129f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82
-
Filesize
61KB
MD5a1eb05b2e53b4908558d8ff04593ba0d
SHA1cf7fc2706462d69876d05b3a8485a5b5ff71bfdd
SHA256d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52
SHA512108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a
-
Filesize
51KB
MD5bf62b7bb8b43c0c627c002ad0012e90a
SHA13b66a1f58592d563b18f3db06b973b1ab694074d
SHA256045e363f71e1a17258e2d7e0381f39133023a3137b9f423fbd73bdccec12882b
SHA51232dbbbe6579119b176e9fc7d611686bab02914f3192df2cc746e5f107efaf99024cf9bfff01e2bc5176ce7fd43e0aa1b8049d25b5da224b4b816fe15a8d81ef8
-
Filesize
648B
MD5c19c867493201f1c7a0da1ff3b7a76e1
SHA10a43d918e222f76e86f327f999933906808846ee
SHA256727750edf6db484c4357cd68f71f78d176cdb7a1d54f349449c7b8c271a1b972
SHA5124ced0b510b6fbb6089040ed8fe13a5b9af7c08849c74fcae496ed3eab29dd133090fcd607b6bad909bd92bb744254438336eacf622578efdc96afaf7abce7aa3
-
Filesize
4KB
MD514db106bfd6dd983ba20db1ae76db9dc
SHA113005ace395cdd1af0b5d24cd786921e08c19776
SHA256e1b92f94fc4f565fe822c2bb52cd014c368b80bec87668220fcec15e62dea352
SHA51225a91728e4a9cd795ddee5f1f66baad1afa21a85c1b08e8652fc8f20eb36ac2e23f8eb9d3c6c34b7bb082ef9386bef5abee0cdfd8703eba88fa65471b036f8b6
-
Filesize
2KB
MD53f8e2ed8d47e18ec672721d147c5a5ad
SHA178cdf50959fb38403750c12e2cfe11581ceb61a4
SHA256281dda1a73091e4f7accdd2fdbb212f5ccdb98bbcf91d50e68f02a9f1677ce85
SHA5128c1245d0d181a878e52f6e5fed4aa311f99e6b4332dbc7ff2b7a71dd52fb102a2c60cd7cf548f666a1e6bb0ad5710e68866bd7f48572a8d0b84662add1099a79
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD562f85988666fa12583d7b3e9a522f9d6
SHA1bd3d8ce5c65d3c528e286b86f5d4c3c4767e7d9e
SHA2569cc1cb96fc3b8b6407996267ce990bb6bd83f3301e6e32b849f3359f6a66df1e
SHA5128bee8dafe1509da25b213638286f12e1e3eaffe36e568069f318ee5260725e94cd2baa37cedd23a11aa8413c0150c0b9d9e8a794ca1d30da21e5cca17c55fa50
-
Filesize
12KB
MD5fe106ccba9cb2c29c0e627f420d85f03
SHA1e02445daa1b949c93247e91d4aa6da9f63d6bb6a
SHA256ae54ed5ced43d951d137cf22d19585a5c2c37ea19a0a55e216a2e1c7a1f80d66
SHA5124c8bfd875b5114ac1580ee802c0566bd5c547616ef52a34574ac32342a6b453cd1582602d634f2c9a6a44217132289732e5cdfce32b896fc2a88eff58c296ba9
-
Filesize
7KB
MD5c0c5bd79e5ef5e61f86d8854a95e6ba1
SHA1d769097da7217f47d32b0e16816880f0df46811e
SHA25622193ed01c52787394d8dc23b1f6c8eca4b0182ed9aff0ea8d6ea2be051ade84
SHA512c1d3016455f7fef77dda3395ca23bc602c61f625d77842e3b36e60e0b3588d6a9c60868c4d3199a952b2dac5342f279ff82ff0e96152522803e38673d2434b98
-
Filesize
17KB
MD5a9c35278fbe2103799081238e7f55f59
SHA19932db59eb454b342d5c41b342431a15b9ab0d78
SHA256fc5088d2da4ac9e7d6b50382523c7c119c4fc41e50bc920aa0b3fe2fb429e9c3
SHA512d29832139b0cfdbf77708d10fcc23274a4c34463b9f13629090bb8927e92c9e649b361ef27a5a2891bc51833e077e50d3904a120c646c7b16405cf7241a4f271
-
Filesize
5KB
MD5d93246c29284eb1fc1aa8a309dfa8249
SHA1f5dff5c3567bf7c48b837387bda844e7d8079f21
SHA2562c6a0d88b2a806a2a762b27829eb436a42dadfaba34134308c7f65d69e459305
SHA512f8f5c6d8d56a513f4af93285ddab8e2a902cdedc59fe0a992618a28b46fccf8fae9e760da5904e72bb80519a33a35d56cd5521454e66f84d46b108e761de1fbd
-
Filesize
6KB
MD5cb8d12d6e7536d95f3bbc819f6ec3661
SHA11875354feb24bace21c217e2d2e89b56098aca87
SHA2563b63e86c4bec9476873445f19e1df7ba469f78cabc72eac2afde73a9d0a8093f
SHA5124ccd42377ccaee2aa1191e47a3283ee06ac01f2fe0c00403daf64e73d90fe42bc28bf2a3da63aa1b0834f4947391c6248bd884cdeb2254cec4268bde68e62cba
-
Filesize
7KB
MD58d4da9c3be6c8f84186805970f1fcf73
SHA1a535506d63690b380425ef1f7b615f9ff358fff4
SHA2561ecd53e2fbc1fbb69bdb17a0c41929174929a456a594d1346820e8425b12be60
SHA5120fc4f58464de9a62f51e1821b02eb70db76bccfb49716d128bd393185e2b4f31cfc4d3b5ecbfce36c905f02683607188ee9cce583912c8cd415da78e520eca75
-
Filesize
8KB
MD520651ce5bf5a3dec80954568390c8065
SHA1856945cdec8b4b9fd0e7e6e33a7f1bc9c0db0062
SHA256dd9f468fd042742a781161e87252d42d15155c0a8980490822320b37df0dbe05
SHA5129d4d9b24aad619e7698a84d5b73545582adfc2bc56d028a6cc279f179d33a8bc3956f23723bf03843c0fa24bc3f44964467cdf3457dad23da6a01fd1f5c596c4
-
Filesize
16KB
MD5ec94512b1c4ff17509fcfe911266ccf9
SHA1143223c028606be453d9f798c1d170ef513ab4bd
SHA256442486fbe76f9ebb0223a8a3aabb12bc64024b0f3e35e0b06fdecd86ac619256
SHA51258fb7382eddf7779331d66c8038dacac28bdc774dd7495da8b695ef9fac6b9355e86a9618525f75d9b6792bb630072924bff552cda080c1ae3127ad721fe190e
-
Filesize
6KB
MD5c01dac0aa6c85ac4dc936c3c3f5f3175
SHA1a9c80282bccfceef5f77cecea2fb2fd42ad0f305
SHA2561e04dbc870ae89be55bd8c642749cc3193ba34bb6ae88faca7e29b73ed2d6f9f
SHA51241d9ca15a58cb8d049e3513965b9fd647bf66d54d287a513bc900bcac7ddc3325ce4e1a6bc3763e33a5f6f823f62d698e4a5efa3a7145b010c109ea918aa75f1
-
Filesize
7KB
MD5d5584c5c857faaac297a580bdddfebf4
SHA12d3874193156ed539e4c17959ca8a9514c7d7671
SHA2568c84f9793bb41f406cc52b0e99a81555eb76639a0728bf3c16ee6e084454c6b7
SHA51229894fa8a2bb34a2364e50c4d7f09c2a16faf5e670e818252d45f3396ad239a9282c39e7bade75bd5ca417b18dd88edec3f6330388356ee2da4811801f8db098
-
Filesize
16KB
MD529828c4b1a559dd172a3c55a9f4e9616
SHA1c0df12f58b518919397f78b588d461c638543dc0
SHA256d73ec7a831c4ee80e68e9ddd004ddef9d7cd7e3960a446bc08ee3a8f5c1fd7af
SHA5122d6f1e994f6da99c2368ef1265550805d844c2a52067c4236b4d4addfc90a675451e3544b207d210ba6fed7508beee14341cb6742ab3fcb3ba78df2b492a3720
-
Filesize
6KB
MD57ac266b8cf87a4d62072fd52d0de5c5f
SHA1985caf1b26dd56b54349e14f0fbc82377fa85517
SHA256d11369ec5ca2a1f9ca102f8604c3ade6c630ff0e8f159532e0c9aff79f2c55a4
SHA512ca83303dc55fb7e08095520f220d3cb750d55f2ed477094636534bce407607c841c42620bd186cc59e6ec9c9b7fec832d7bee11f4c59b5a8b73bf297b2aa3109
-
Filesize
1KB
MD54628f5c725516b97ade040d58707998d
SHA152995d2ab0ea920793cf714a5ba08a0bba91bfd4
SHA2566d2fecc9757214cdc21a8056e054b409276d0dfe2877b8e2ebd05e7511e7ebae
SHA512d25114994550115f182bdf3ec9200e9eac5f54b4a75b9ce7b7342d6c25e01277c574c9e75c36494c15efaaca9ef67cc8710e12a51c643aa5385b9a0f6305c003
-
Filesize
2KB
MD57faff3f79b3819a1cfdbe95f448fae4e
SHA1102a12eaef9d1ee1ae7c29d7c5b214a2545bd95a
SHA256e1284e1ea3a8646fe47b10b3bb8c14f9b2b0074297351c3756950c030e50bd93
SHA512049c5bb3a07d4cfff62f6c357faaf299e2b92de718e33f78eb0162a751cc157d55ca855ee06c2da7a0b9adf82cddd93bf9a9614e97e95b7281af32af440ca3ed
-
Filesize
6KB
MD57535ad5c5719904d913993aafb2fd200
SHA176a33da686d531876b7a8e916effc16701b0918c
SHA256a47493da915c5dffde21120a07b9184b98749f5dfc111a388becb48b2e771c47
SHA512b246e3794e6d726b58970cd2b29a5ca032672a9acf6f65cc283c00388f7d66fea74165a2170cc3494c7179d19ff327f4328644133845bbbac3e22f39c1f652ac
-
Filesize
1KB
MD56882454b5456774b51ccc88524a05574
SHA12369ca963e24bb1e0cd2f6b41b56bdd76a746fe4
SHA256e88e84d26bb1581d92fb9e71343493a80eb253349ee8be1396f1e89bf30083b2
SHA51295102cfc478bc679d964921892b9532b0696e5522714ca09516134b325ce5f5108f3be2d3f660b49860b07bf69b4c78ead4d03ce232f641a4f30efd077b5c05e
-
Filesize
873B
MD58e45792840dac68775c42330f2d030dd
SHA17b97b84316c3e8375e6c1ee293fb6a3fe7d1237a
SHA256be7217ddfd2e72b5b4dea81b574a36c9a286b0f208b3ca802140c51f560ec0e9
SHA5128d85e0969f5736795e556475e395180ef921d84c2eadbe8721e53c2f8059097b2396435dc1e6ae92bf166302b8845b4e86fecd92c17a8c9ac7840e020f71cbc4
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
3KB
MD5a2b13f9afc8318a5065b57c68081d33a
SHA1fc32d2b6cdd38ba9a2dfac4c2f1cdb93e11d6e9d
SHA25613fb722c392610d4594bca6e07a3416559b8c75d83223c42f074069a5bdf0f0c
SHA512a5f571f2ec62b05c1de2a483f032ff53e0ed1b4095f82d7beca2c07464fbe1e014f0f706764d77b99b6375fe3d7e85874963b4090cb6f83b33fe8a92ad014f8a
-
Filesize
10KB
MD566a1226fe58c79662194e8f3e5600c3c
SHA11442e2d406b181fd2f5a2e95874c4793110cef63
SHA2560ad8f42a463512cb9986f9424dc4bb0f76403f3bc9f7b7a3c696a5c1e4fdf7cb
SHA51239f48ae44db908044c69df47bf8928a1f2dc7217f26dc9864b94c674375e5114833683770a04fca30750ab1051d7b05cc10aa08843e863f527b69a5b8673664e
-
Filesize
10KB
MD5e314ddea8ff1ef32d83d0259888c1868
SHA1b40ec920e13f69ae1422adbe6b039f25f20cc75c
SHA25658c6e4518304a31dabf054bd2f3d0a2c1d652cd276cdf96682d8035e7cfa252a
SHA5124733959ba249b81fc7f467f991938fba09b4addc9f2e669c71d3890567d43705654786879299a2c5f705d15601bd5138232f0e8018eb883e4f9452e0302f460c
-
Filesize
11KB
MD5dea136ab8519b4572a21d66aaacaafa9
SHA103c5d5e020720731607832ae6f5dea65a84f367d
SHA2560def31e0d775b6212f6d3a0db766a54eb5e1b86c01b920def98d9f2ae516ac14
SHA512068dbeaa4d282b0edb93f46d766a029c18e4c9e3173088a40059e52a7847499d4c27128cdae19c20679dc25c5df6959d0e5932e752cfcd729b9059c55f984e35
-
Filesize
10KB
MD55fb45e0344c1f0dfddf0a15398cad911
SHA15963c4e4c1d2b92e969ef09bf4d9894b5fdfef3f
SHA25602015507185d235705398c19f64ec765d7f586a995e54c00502bf4b0a8fb47d7
SHA512a2928d3fa995b77dfd9ad51e556d40619ae356410d3a1d07844255118b22ad4691e4c76e9b41e7980fb224bb22adf1560463dfdb7d2de08ee3eec973c209111c
-
Filesize
10KB
MD53f06bcbf7b9b5ee9cb9ba283d4bcea19
SHA1ff7a15e3ecb61d621b44ed61ce516f39651781f6
SHA2567e232e4ca6a1be510b552ed5e0795c52f0987a052189db4b836b8fceb484d43e
SHA512d95945cc0bdd0618a4a7443c2a0d4243cc8d11927b24f6e6fc53691754147eaafb6ae750f44e8eddc87b339fd772b16a6aac99341e31bbf2f1b17f7b5d564eab