Analysis
  Max time kernel:   80s
  Max time network:  86s
  Platform:          windows11-21h2_x64
  Resource:          win11-20240221-en
  Resource tags:     arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  Submitted:         16/03/2024, 11:30

Tasks
  Static task:       static1
  URLScan task:      urlscan1
  Behavioral task:   behavioral1
    Sample:          https://bytlly.com/2tlvMl
    Resource:        win11-20240221-en

General
  Target:            https://bytlly.com/2tlvMl
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Modifies registry class (1 IoC)
  description  ioc                                                                                    process
  Key created  \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings  msedge.exe

NTFS ADS (3 IoCs)
  description                   ioc                                                                            process
  File opened for modification  C:\Users\Admin\Downloads\Boom-Library-Toolbox_GKL6JVwnYT.zip:Zone.Identifier      msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Boom-Library-Toolbox_GKL6JVwnYT (1).zip:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Boom-Library-Toolbox_GKL6JVwnYT (2).zip:Zone.Identifier  msedge.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs; identical rows collapsed, count gives occurrences)
  pid   process              count
  680   msedge.exe           2
  1676  msedge.exe           2
  864   msedge.exe           2
  4924  identity_helper.exe  2
  476   msedge.exe           2
  4164  msedge.exe           2
  2856  msedge.exe           2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs; identical rows collapsed)
  pid   process     count
  1676  msedge.exe  18

Suspicious use of FindShellTrayWindow (50 IoCs; identical rows collapsed)
  pid   process     count
  1676  msedge.exe  50

Suspicious use of SendNotifyMessage (12 IoCs; identical rows collapsed)
  pid   process     count
  1676  msedge.exe  12

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count gives occurrences)
  description                       pid   process     procid_target  count
  PID 1676 wrote to memory of 232   1676  msedge.exe  78             2
  PID 1676 wrote to memory of 1924  1676  msedge.exe  79             40
  PID 1676 wrote to memory of 680   1676  msedge.exe  80             2
  PID 1676 wrote to memory of 4604  1676  msedge.exe  81             20
Processes

msedge.exe (PID 1676)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bytlly.com/2tlvMl
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    msedge.exe (PID 232)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff912133cb8,0x7ff912133cc8,0x7ff912133cd8

    msedge.exe (PID 1924)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

    msedge.exe (PID 680)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4604)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8

    msedge.exe (PID 5084)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

    msedge.exe (PID 660)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    msedge.exe (PID 4936)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

    msedge.exe (PID 564)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

    msedge.exe (PID 864)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    identity_helper.exe (PID 4924)
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 5036)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

    msedge.exe (PID 4356)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

    msedge.exe (PID 4004)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

    msedge.exe (PID 3820)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

    msedge.exe (PID 5032)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

    msedge.exe (PID 2944)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    msedge.exe (PID 4804)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

    msedge.exe (PID 568)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

    msedge.exe (PID 424)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

    msedge.exe (PID 2100)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1

    msedge.exe (PID 476)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4676)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

    msedge.exe (PID 4164)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 3364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

    msedge.exe (PID 492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

    msedge.exe (PID 864)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

    msedge.exe (PID 2856)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,2973452346921346692,16010659530706046264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 2612)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4896)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

rundll32.exe (PID 2020)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads