Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
187s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13/03/2024, 18:49
General
-
Target
https://www.mediafire.com/file/90jz1kpdw4j08ez/Es_Ex.zip/file
Malware Config
Extracted
redline
45.15.156.142:33597
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Program crash 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/90jz1kpdw4j08ez/Es_Ex.zip/file1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd794446f8,0x7ffd79444708,0x7ffd794447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7264 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7264 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6576 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8895716080199040433,12897322440196744668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Es Ex\" -spe -an -ai#7zMap11481:72:7zEvent223231⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\" -spe -an -ai#7zMap19941:100:7zEvent286651⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\V2.exe"C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\V2.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 8562⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7416 -ip 74161⤵
-
C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\1nj V1.exe"C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\1nj V1.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\1nj V1.exe"C:\Users\Admin\Downloads\Es Ex\àásy àσÑßut0r\Еаsy Ехесut0r\1nj V1.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f35bb0615bb9816f562b83304e456294
SHA11049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA25605e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1
-
Filesize
152B
MD51eb86108cb8f5a956fdf48efbd5d06fe
SHA17b2b299f753798e4891df2d9cbf30f94b39ef924
SHA2561b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d
-
Filesize
62KB
MD547953bcd62e93772ee22d834d1438f17
SHA15d1dd3b5dcb3e1fd32d552eaf0e583ef02f2acd2
SHA256f17878d7c848d8cdc3652e58692f7636a9d19a48e94030d64009dfd66b0e8425
SHA5125590afbb8a596d3b4f329458f05c5be230048a1e65aa9559aa18ba5e46a14362788e61e728dbe0ecf9fea6caae8b455dd6e29cb50b497f85eafd0f89c5b5910c
-
Filesize
31KB
MD5e22be493da1dc48a98d8d6f0178cd1f6
SHA18c9b7faba91939dd36b502417d1a9eb35714314d
SHA256ac73feacde76fe096b76b0e319ffd553366a25e73b326c4bfd0d565e0babc845
SHA512b471700ab86108c321ede5c805bf043be8b13fd1e7073ab072a99f45a417eec3b627501a5d996eb0665303397f99b59c4270993c54e613e7d9438c74ca494257
-
Filesize
23KB
MD53ade6e078f1ec6cb2e86dda5e44682c4
SHA1d85fe320a4b964069d0bab08ad01361a2016d77d
SHA25624a01df7b88356a154d04454b2d097f6eda4cc48c6ba3ff8146447c28cc02b35
SHA51277e219e6b5699723f79da2e7f3b95306be4b3c8e3acb146431539dcb922ad679faf6e55abab80819d0a6d566f6a346e48aba771c57d40605568050c1b5b60a9f
-
Filesize
278B
MD5aad1b703364c6bd2c2f54c6e241a9133
SHA1011b26e382f7f930f8824870936392684dcb1739
SHA2563a0b378e9ed4e8a4e2e10410b0edbd82d08db6ffd30131e7dc49554da545f1ed
SHA5129c82b793904d3dbacbb31a9b4070d0b8efba7a1ec7647bce566ab76e881c21b241f1f238d679502b25a60301e98cbf483520e4a1dfd577a5eb4c84433fca7ff8
-
Filesize
54KB
MD5a888d69d44d219c2f12d9796c534efc5
SHA142d507f4b539437e96b0eec9b02dc8e4f6840f57
SHA256e48702d7a2753e895dc07cfdc19efba2350231e1f94e99c037d5550256527291
SHA512648725af6e934798c597a43ada3a17e328c3bfbe244511563477ddadaedda52338c028052fed1a4f59abf5a2dd625dc4c404ff982f91f281f446d8040e5d770e
-
Filesize
268B
MD5845c87c1c41b4a8a36a7b4c9557e4ab4
SHA146490b12521c144f55f5b9498e099368dd139c12
SHA2564ed7696eb1fcd6a887094886f09b4da859c25973f78241b7e99a5babc09e3ead
SHA5120e92dea16d534913080373961176979c1d5d560288854b4d16db8dfb1a28ed95d5b70b391695fabb77983c6a84b5834bec84941c102799abd39760bbeb9bd66c
-
Filesize
339KB
MD545c00d8e5121ed7968d67093e696d780
SHA1ad39f3afff70dc69fd843aa0c2128e650263b026
SHA2560f3cb86e1ce3e7cd2e2cfd876d35d4b1d343bd8cfe4eb9a26510d2f236cd4dd3
SHA512295982469bda4ad9097d8b8bf0d220b805770aac724a7e552ac3248888151150962d1a954f4d50c227d5dae1e78d8b4e157fee6b749bfe8e0d408d0975ceaeda
-
Filesize
14KB
MD59b1f4d4a41df6db048a6c354adbc11c6
SHA11da0b727d21e99d84d6c085784bed51ef498238d
SHA256b7810fb3d2b65bea0f5e3d102301e50e387469a4c9ecb3bf2f33b0a5c68a0f27
SHA512343169cd5c95c61a1c784e8956b540f5cde47345edf419d0e37dbf5e6f5b4b3c9c2881446b6758621e858e37bec082b54cb82fd58cd128428e6acc5eb1af4aa4
-
Filesize
158KB
MD55c7819640455daf064d67036f538cf70
SHA105410771641b93c448ffc2650549f720b69ae119
SHA25663d133f2133937373751772e6bbf4367794de1edfa623fced7a3b12a8fa1e03b
SHA512e12604a2e7d261ab327019ddf759df1185adab754c6eb637f2a701f2cd802a0e5824d9e60e2c27e691e5013a44fbd571eb279f8e2c61d072f5e724f8283a4671
-
Filesize
1KB
MD558bf6404131b36bf0f5a33336bbffd07
SHA15a1bd2e9de56021880e1148578101001f0e291c8
SHA256d4c4f27580c02c4ecb722ba57dd08519eed9ec24ed1a7a05a960a5a9acb03491
SHA512b9e0840549e63bba9abd453140a6c96262be60704588d6ad4300b284217e163e36c9bec752fbe863fd75c7931b6b655ae76dd38a9fc7f5ac20a1e46139242966
-
Filesize
1KB
MD5664f3ffeb88fb0462a4a444c035445c6
SHA12fcd1cec477753baca959d67f4bc0b01ac5855cf
SHA2564f49dfb9aaefea7466d2ad60f6f89717ac8d4d8393363cd8c289bdeb58a96c4b
SHA5128fa026999aef30955e6a33f9b28a5411c6dd2e9983c2a091b3ecc24ccc588ea71139e9c892e2afad75957edf9f7330554dced93ca537ad4733d88597d898a292
-
Filesize
1KB
MD5cc98256dd46da54bf1e919ef5749a50f
SHA17f93359b815cf15abbabba8b06f8a6769d721bcc
SHA256901dd2897e742c66e911524012356e819bfa24db0b16a9aaf9b217cf84be584b
SHA512c6d783638b0e62f24923d224e85dc8079acf11c301ec36c97a79ecfdceeac5c57a0f22db063ff199e4d9a35f683f1d6a759b88bba567e73d1759485420db5368
-
Filesize
1KB
MD5c52585851b3779e03a08e1456f4bac65
SHA1b4ca513512836c69313c8595d1930de5f40a72cb
SHA25691a3644bdfc456c86bb47b0e93392c5a1e73efc4f254d19e798ebcb55761afa0
SHA5120f242d0faa1c758a8a26ad021ca221741432e6116e206cb18302b41e3088a3c631feb93165823b072ccaa0a5bc569962c93f48fc0e2ef72596e1e639d59c6857
-
Filesize
40KB
MD5c75c74c6a8c4d46ec198e87a7d7062b6
SHA1218ea08f6f6d84b14f829eb7bb74738632996c77
SHA25650a3fa98e1a134919488f10837b5b389f5fe346a74e5f8c59961bd207b3c5159
SHA51226f53ecb44bbe120f5744a40dee121759a214aeaa604462af7ebb63756673d40ef16db4c751a90719dbbbcc4725f7617c237919474170b797605ac00792e8d8b
-
Filesize
10KB
MD5388c03ce6a343794d1507475b40c255b
SHA16fc40286d837e99e4361dae06a4cc12c42c2255f
SHA256b66999e64defa11ad1e5f994058f8d01c9635c65ece31daf50bbaf1301b9e0f8
SHA512b18f2f8a30b4c8597d1190181ee138a47c08fd1b0af78838a81719bd2ff066229b2447478589c451a0d193a086a8fc6092676934113d7f0af081efeb249086e5
-
Filesize
10KB
MD507d9e2b14daafd31fcad1543ddeaf936
SHA13ffcd696eec5d52800efd8adc29bc259c1b1ebbe
SHA256eafec11003c974ab5d04ec5bc671789ea48ac6849730ebca81b1a8e6d4ae4b30
SHA512d5b879e760f35941fb59c1410d3f6fba43cb0da523b8db46df34520d2c066a6124da7e1fb658e806362bb7edbc7aeed37f41c39609b664d7ddf64820707a97c0
-
Filesize
6KB
MD5037af70a92530dc577517b6058b72266
SHA195e8ba341cc00020611c186cf338deeafcf7d7c9
SHA25636aee92070988a1df6d35b88849ce5b8a53edd6c3e2b4c5f5e7b0bbaa71266e5
SHA512f9c261d4a8002ba3f6647d44963cb69005f2cb37fd081305bbd1f276b9ca792c3bac3b165307d08aca5fc42ca585eb601c08e84fea65735112ce1f14f415f777
-
Filesize
8KB
MD562a940c96a3e9781ac428e0f33fcf534
SHA1e35ab7f6dc2084da5e47e0bcdda058d5141570d1
SHA25659294bcb8ca654ba18a87cc546df8e699362e24c42f739c515813dec02aa0285
SHA5122b5a56a5f36b4d54d8cc3e1782491ff7164e5a052802eef1ba21ae2828e4d7ca0feae6ef85f0e54013c2329fbe1609b9c6fed043da3dba0f76d44c9300dd0d65
-
Filesize
13KB
MD5a5526adcfb6b1898ad5a7179ddcc5980
SHA1122cd28ec098ec7511475fef86b02467e762385a
SHA256f60188410f227370ed82b5d865c16c9f9b16e59ee010658f96ca8a9b5c33f77b
SHA51236c5cdcd2a78a63584dc6c3110c459899c7b592dc370d351d4686ab8c751e7421a8ab5813b92e8080ba541dc7feae1374c8f0fd1096e26925feffb8bdf877410
-
Filesize
3KB
MD5b34ed8e178bb2c4bd839e4b1f27f61df
SHA19ff7ccd82ce740cf80f6a0bd84a533c9cfa020b8
SHA256427e9818d34fa9c49827476c32fca5eaec6aa2b02b0a0c0b92caac53ae876e42
SHA512f4bd4c7f54e51b5f635683cbca7ac0daba5361d1f782fbf6e0b50b10c009fce6341b23a29529a62b5bedcffa37b7835896445f0a541b56cde272460af1558622
-
Filesize
3KB
MD5bbd8895b742b852ad4aa7b2d20528d45
SHA1f87503de3e06292a10a30f70ba230532bc4e4802
SHA25642a4383c0ddb5b46cbac9e58073fded425bd66a5d348345ab4cc00736917f4ab
SHA512f426dad54a0ddf891cc2af10183a7fdc2a1696bc9e0504c6f77b0eb9c6dc2924130e5b0172c9e957a2e545865343dfc222bcf6a83d6a90b8de0e0e7bf502fe30
-
Filesize
3KB
MD59f967a96896232d2191a9799e9b57f22
SHA1451ea5c007a1942703269ab219e5865445debd22
SHA2562ef893b863f5b5bc7a68984223e3272440a9825c7c802c6100b77b2273c9cc78
SHA512bcf4c771bab9f044f5ebecbddbb8f1b0a7b3672bad646d5d87efd4417176fba766ff7ada60b5c267142d1883274c993b1507304ab7e52475fe0789bef85e9129
-
Filesize
868B
MD5994b05722fcf244a796a82080cc89d03
SHA121f7df84dd10823257af3f6c004bde811b37ff5e
SHA256ee03afd5bad2f4fc4a42007e7bdf4a174834a7f5d519e4f4b8b447b2f0fdd764
SHA512f415aeb25929793f0553377e8d14397e7adc1f5c811edd66baad436cc2b3a0b454ff6cd066bf99ed4f71934c9fc946cacef4efdb5e20844f5b6503bfee48b3d8
-
Filesize
3KB
MD5a6f892b9b69b06cb5e649a82e28108b7
SHA1e5115a5a4fd42fd7787718a0e59b2a63a6d4f685
SHA2563ee8cc854dfcc0b7c77e6e3682ab6d562c1042de282574e4e2a9a7ce3c66e802
SHA5120f6cb87d438849cb1eea2881503f48bca78245cdbb7fbd8bebc80054133a6dd9c0556bd26db9a841b0e66e2fc9ca514ba9097e1b9f056c9c2a661d736d29e3c7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5b7bad3c17f377ca9b0fbfe73ee540f31
SHA1f0694ba1f9dee496e5ecb6017cb7492dfb66cd28
SHA256eaee48e56e3259b9cc507fb47122baf63f91040203dc39a999069f7ab64ce89d
SHA512d892de47b12ed071d836c4e79b2d19a8d6755278f1127e341733cc7252e6ab72067921c02137443e6fff30d43810df3718ac4b85f0d8d23a14eee8860c8baeb4
-
Filesize
12KB
MD53b9000eba9cd34e31a141acb491d0dfd
SHA11ff719583dacc4bf3d68f9841d3eb8c200c0f9c6
SHA2568000c2ac84d3558997fd66456a17d5053a5ef9b734fc0a6f66819b4579ffcde5
SHA51246445e157e8543de01a0a97e0d62d050eebd8e0977f6453e7aac104f35d874a55246788b574c6050b56ba42e22e0750ea9ff72e3e3752863015578ae80d4320c
-
Filesize
12KB
MD55ca6b7e1d765c856056c5d327094badd
SHA1865186a66f7ab3e6c40763be19605480ac51f53c
SHA256d031fd834d9fcc1733d3bee14821cbc37afb104ac2c8a851c461eadcc89e9d60
SHA51220e1800bd9267905b71a72252a9a6d16f7ed6c4853acfc16c4133a7580be3942017a849953e4899d988370414e05a4545f54aa31a4ac297da987353c1e31a68a
-
Filesize
5.1MB
MD5276314f6baf6f2a5f60fa475ee3c035a
SHA1889cad30d993d188043d170b8230e7ffd6843206
SHA2567d3abf224e7782d53a34d3e942de0e87d8048fcd254541dae77f4faea32d034e
SHA51235133791a3213b728c4d23dc8ee9723d4441af0a6bd77328c9912395e193c820c4238f721eb4cbf708e83540fba8ba9700c41429d89407099597a7a9bce3c7ba
-
Filesize
5.1MB
MD57ad879f27bcf3f14e699268cc090bb28
SHA164bce8261584ef4a9dd3ad466966c8dba32dfd7b
SHA2563323ee2e1aa0d1badeb6370361f255a2393a2088e16f9ad09e9175af32437442
SHA51212a1af71b3b64c16e797e0b39870d17f135c38847ce9d2afcf591551ac562b0fc81d7d8b2c94f51b956f284b5b840bdbae050da9a670fef791b02e8b55d63958
-
Filesize
2.3MB
MD584c35238527a105da2270414f891e4d5
SHA1a988971b07f325b1de25c6d3003fc3760575904b
SHA256dcca360e81bf161f2ab2c29887be9597bbfa93caa75f5ac52b1232be865c5ea8
SHA5128fd15a631e590f4c10d846260c01234f76f864076e6068d3923191443f5884ff685730af228a9880373a4ffc5ef396a3f4b20f7929364bb9514c8edca0ff26fb
-
Filesize
960KB
MD5e07d717ce0d87123165c630c8d08699a
SHA12f067936a35e85c58cedb29a7ab646c64310b92d
SHA256030f2e5f600d0517ab911fe7a6d6cddaf555025f22518094b3ed9a62fd0d4732
SHA5126995e0aeac7be7e8f4f4e6bf9f8bcc79d139a592308881682741cb6a64cfaabd6540d48ff24143a4628b3545354b52ce8c2afa7aae2db50070137a51a1696def
-
Filesize
1.2MB
MD568602988b62fe607af9b446fe09f909e
SHA1fc4bd5f9a8f0c2b8f7668662ecb1a32261b5685e
SHA2569be811c1f68df4f26d03e1bcc6586f56657098d6a40a8ff4a0f4187a66286bb3
SHA512090b7525ff34651031b717c0b2b4218d79bb42e668e14a60eedd1e06ec5ea710927debc1f9480515b9ef1b63d4983e3b7a91b1ce9ea9cbf1994ca3fa88ffe44e
-
Filesize
2.3MB
MD50d24c43bd8fea5aae3ea9a11311abe78
SHA1f5a05987f0dfa88597c41b66bb8a29d602f80673
SHA2563caf4f53e77b2049e685c3d0e352fe093c22030f45951a7979ea00164abd5c72
SHA512dc95568b7707f1aee7db92f57792c6c501a3007b44a170cd3df6b349bc402c96c1959c5b61155051fcb6f8805fc4751c873c488a70a1357d6ca29d53e68a965b
-
Filesize
344KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
408KB
-
Filesize
1.8MB
-
Filesize
240KB
-
Filesize
304KB
-
Filesize
344KB
-
Filesize
584KB
-
Filesize
1.0MB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
472KB
-
Filesize
120KB
-
Filesize
72KB
-
Filesize
5.2MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
320KB
-
Filesize
7.7MB
-
Filesize
7.7MB