Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/02/2024, 21:56
Static task: static1
Behavioral task: behavioral1
- Sample: oyunindir.vip crysis.torrent
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: oyunindir.vip crysis.torrent
- Resource: win10v2004-20240221-en
General
- Target: oyunindir.vip crysis.torrent
- Size: 15KB
- MD5: 004b16caf233eded177bc452de113d65
- SHA1: baedf69b15ac5375f0da212585a8150f5130bed1
- SHA256: 1c5cd32a192d6dce5634adcf261f21231e8b6ab85fc4bcb9797e1b13056a1f34
- SHA512: 630befc87149bb2e111cd95aa6ac3a85db792b41fde5ef3b8d8619e56e751da0b7934b77376da7a33eb79edf8ab252bd41b6bf370bd7cd4ce063ef5b1cb4fefa
- SSDEEP: 384:k04h1BzKeZ3vIps4qtqCDjR4MpLWDxCFuMiKpcKNxSqiJaJHSWrF1slwDrOkYa+l:6U1r7xHOC8T5hEnfTZEYrZX
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | taskmgr.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | OpenWith.exe
- Suspicious behavior: EnumeratesProcesses (29 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (23 IoCs)
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 5632 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 5632 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 5632 | taskmgr.exe
  Token: 33 | 5632 | taskmgr.exe
  Token: SeIncBasePriorityPrivilege | 5632 | taskmgr.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
- Suspicious use of SendNotifyMessage (64 IoCs)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  3076 | OpenWith.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Windows\system32\cmd.exe (PID 3132)
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\oyunindir.vip crysis.torrent"
  Signatures: Modifies registry class

- C:\Windows\system32\OpenWith.exe (PID 3076)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3048)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4380)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9580846f8,0x7ff958084708,0x7ff958084718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2752)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5064 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2352)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17074360614790232586,3908022065887109778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 1092)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 5012)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\system32\taskmgr.exe (PID 5632)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures: Checks SCSI registry key(s); Checks processor information in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads