Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
174s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02/04/2024, 13:11
General
-
Target
956573562e7d7da152d58e554d8c605dae1566cfcdc6e091511f4fa54b50004b.exe
-
Size
1.6MB
-
MD5
bd8179166fc23c803f7d1303a940ae7e
-
SHA1
ba99075cc9eed7bc43f39078c0cf203e35e985d9
-
SHA256
956573562e7d7da152d58e554d8c605dae1566cfcdc6e091511f4fa54b50004b
-
SHA512
4f28e7f1b59bc8e1b4c2f71c04f33a216b18380e940c9d143069dd27f11337cffd1a3dc4fbc121ff529817c7bf75c5eafc28bf8a45d7316416c9518f46e5d702
-
SSDEEP
24576:BywW+SerRtTFjyw5/TRFu3J0G3alUAZSRsZ14PftEdKQqvtBpHcsNN2bs:0wYe3TFjywBRFuVIzSs4Pf8qvRcsNU
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
amadey
3.89
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Detect Mystic stealer payload 5 IoCs
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Detected potential entity reuse from brand paypal.
-
Suspicious use of SetThreadContext 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 51 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\956573562e7d7da152d58e554d8c605dae1566cfcdc6e091511f4fa54b50004b.exe"C:\Users\Admin\AppData\Local\Temp\956573562e7d7da152d58e554d8c605dae1566cfcdc6e091511f4fa54b50004b.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bf5BJ73.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bf5BJ73.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sB1JJ95.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sB1JJ95.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Fd1RL26.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Fd1RL26.exe4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\lI5Ee76.exeC:\Users\Admin\AppData\Local\Temp\IXP003.TMP\lI5Ee76.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\Th8zP01.exeC:\Users\Admin\AppData\Local\Temp\IXP004.TMP\Th8zP01.exe6⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Xi12JG6.exeC:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Xi12JG6.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"8⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"8⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 5928⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2iL2432.exeC:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2iL2432.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"8⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"8⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 5609⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 5928⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Ch77tz.exeC:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Ch77tz.exe6⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4vc843wE.exeC:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4vc843wE.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"6⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 5846⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5Eq5FX8.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5Eq5FX8.exe4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F6⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit6⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo Y"7⤵
-
-
C:\Windows\SysWOW64\cacls.exeCACLS "explothe.exe" /P "Admin:N"7⤵
-
-
C:\Windows\SysWOW64\cacls.exeCACLS "explothe.exe" /P "Admin:R" /E7⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo Y"7⤵
-
-
C:\Windows\SysWOW64\cacls.exeCACLS "..\fefffe8cea" /P "Admin:N"7⤵
-
-
C:\Windows\SysWOW64\cacls.exeCACLS "..\fefffe8cea" /P "Admin:R" /E7⤵
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6uN7sb5.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6uN7sb5.exe3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ii2SI80.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ii2SI80.exe2⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\388F.tmp\3890.tmp\3891.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ii2SI80.exe"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x144,0x178,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17559960982361743279,7984009671938614711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17559960982361743279,7984009671938614711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1127650847213345800,17665758316293631591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1127650847213345800,17665758316293631591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15772960491514926525,9786795547104087029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15772960491514926525,9786795547104087029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13615658459204909060,17944253727408944655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13615658459204909060,17944253727408944655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13635188363645480568,9884915201622808957,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13635188363645480568,9884915201622808957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13052526228284432608,16710919221498656363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13052526228284432608,16710919221498656363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16742855080252923224,15109417496747073528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16742855080252923224,15109417496747073528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5856750578198786411,16090268378705375606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5856750578198786411,16090268378705375606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:35⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x164,0x174,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:35⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6856 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5301563005487495331,2485801513871278324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:15⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff99fe846f8,0x7ff99fe84708,0x7ff99fe847185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,457392969525737621,8835992793761208420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,457392969525737621,8835992793761208420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:35⤵
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2524 -ip 25241⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 364 -ip 3641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3936 -ip 39361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2964 -ip 29641⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exeC:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exeC:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5183833f15f4e140e2ebd82c241df8f35
SHA18ae0913847c4a781ab634f9fbc83b8d9df070fb8
SHA2566ed702840099b9af70b305f3a0442654f155af8344affac663b3ac141f498b79
SHA512ebf90bec81524ba65be481ab16f5014cc9916dfce95d18d438425f2cb6bc14a16bcf62954d902e3265336ed07a99b5c48f9f58c679e3d93f334b7b1d55545120
-
Filesize
152B
MD5fd7944a4ff1be37517983ffaf5700b11
SHA1c4287796d78e00969af85b7e16a2d04230961240
SHA256b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
SHA51228c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b
-
Filesize
152B
MD5a774512b00820b61a51258335097b2c9
SHA138c28d1ea3907a1af6c0443255ab610dd9285095
SHA25601946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
SHA512ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1
-
Filesize
73KB
MD57b240dfc9c3e713dd398d9d2661d5420
SHA174377fc2efbbef745c335e99bc8130201ec0d1ec
SHA2568424e2dd1b90802ef580796d739678e5a26063e1dfaef30c27e1372e93421e03
SHA512e305cd7fb8f5328b1fd236a56604f82a51414a100f0fad511148eae6ee8c4dfc35cdfb3db76f904cdbde7de96d7d9519099fb2fba679938f5c64c0313978366c
-
Filesize
51KB
MD5f61f0d4d0f968d5bba39a84c76277e1a
SHA1aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA25657147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA5126c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487
-
Filesize
34KB
MD51859aea7dc09d0a9a7aefb9fb25e1a35
SHA1922d879559f041d25d3b7e07f2ba722346c793de
SHA256b24b1d9ae581c072d4d5033a3ef0e58b920c42ac8ba161684206c59e0cc19f5d
SHA512d30d213755b202d7c2a0565513be3d3f20bab599222e8231593370314e52b3ac11c88b65794877db7d3b21d14f3da277886738e5bae0387242cfda4b552a0ae7
-
Filesize
198KB
MD5cda68ffa26095220a82ae0a7eaea5f57
SHA1e892d887688790ddd8f0594607b539fc6baa9e40
SHA256f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb
SHA51284c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62
-
Filesize
4KB
MD528b228ff84af7a96ad2eefe520d8fee2
SHA147da370cd6e2fb808227aaaba19a9b782dfb0731
SHA256ec66c1bbb3480fba61afa43ecba5bc95ec7c01507cf62224c5e8e8f0a7898dc1
SHA5121e87b1bacf2931d9f5896f6a517804ab92a6ff828b8dcad6e3d3e424b7399da58cd1f52d7be024c4cfc8c49f3f2f3f0b2b1443f6a7447d43a27bd0f63f7af4fd
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
3KB
MD552312aa9be5fd52314bae27ed45ca3c2
SHA18170c5b7b04725baf7501ec6adcc7a058655f3de
SHA25625c8b0ed318454d0ae2323b8f773c5ff5e3fc62f94de8611d3c3018d103f82bb
SHA5122b7c222dc308f9f0285658c71d43a315780585e0cac304997a8c35a0a3a9c61de2e4f855dfcfbdd557b460c1b283c9a41081f40f7650604eea55c56ed9ad9af3
-
Filesize
6KB
MD51967c56c325c5d8aea73761a1c8d4d37
SHA1654b66e1d8be9b1d268d223fa406ec8c7af97f72
SHA256c560c13afe89a84124834c55e039ff1b99414a49f1bbe3b44e0652dec566d808
SHA5128a3938d67893b66f31e6c530e4d1a9284f7748a44920473dc45a2ecc2569d1b53c546e9d426320a5900184ded4a303a1f05fa08beef66a2d15d7e02cc8af1dfd
-
Filesize
9KB
MD58d9878399b72c69fa15600625d82dc0b
SHA1814d7ab6c19f6ddf8a495a81330f29f4ef2adb84
SHA2561f7ff17d1e38afc621999f6a2a5e1eda2b9a048b7b21b6dfcdf0ce0fff7ea6ac
SHA512acb66df1063c630e0c088bc59209e84e35854a2a6b444714b5f05bcc73446ff4a6605ae345574563ae6c1fe56fed3d51fa7216bf2c851ddac2368a414fe40fe2
-
Filesize
9KB
MD5ebc4f9e87971ec83dba73d81735d65c6
SHA199ccdfe402480438daee3c7ff37bdf2c391722da
SHA256fa62c8010698d3293e11881577d465d2c5c3486308a394449b6ae9633d01d151
SHA51236a77adbd82383cdae9290382e703f117d4644c74d94f11900aaf4d28f36bc04657ec8c52d07def53443839769a63c35829f8a3b48a8dc11ddb0ba1c766286be
-
Filesize
9KB
MD5fcc9ff26185537aa4276c16adc824c42
SHA1410dedea5b1212c72c973ba2a1131894963dcbe1
SHA2567de12ac6129b0041edf1eaa5825413f73801c27c4f150841a283db1fb5901605
SHA512fa71f2036984750b5c86e66abd4a95447e64519fb6a4fb2b7c4c69bf435071ed4422ac824c72c3cadc4e5666c5d0c98f3e43ea06c678a47c5f1d238fd3199e3d
-
Filesize
146B
MD57976d420a951bcec36ecb0b728a638f0
SHA10babee10eecf6eecdf91143f02d96bd26d14d47f
SHA2569e6079220b2ae19897b0ca463d41878ef569515c102059a4afb2cdf676c18da9
SHA512cc18e24061aae173e9bd1fa29aa4565108f0e2e710f5335ab1455e98e53dd469f370ef2fbaee9b7b4e9e6c97b702062d24cf34ff18cad96041fb03bdb7acdaeb
-
Filesize
82B
MD573e57cd29df6133aa26aa6c5f8e2be5d
SHA1c3c596ee76a8ee1da8e444a685b1609c6934e82b
SHA25676dd0f58cf64ed7d625bf8c373318991ed5e69a972c3606e20e30f7352e8ee2f
SHA51244ce3351ae911501c560ca390825455519c229dc916b80efe28ede24098109bb8bf5dd0ba25c816466b53ba4ac7fb895092560dd86540beaaae3d9496624e8dd
-
Filesize
89B
MD5fb38a755149106b888d3cdcfb951c175
SHA1ebcc2a8478cc205ef74d8cd22bd00a87de1d998e
SHA2560d7c4fa3a93a88e02aa2ef6bc576bfc2ab47cb9b9e9e9c545a9d0bf8a97d02d7
SHA5120b6cb669e068160f0af79a6a517ab074e35360d72cab830f205d367229081696a6eadcde107ccbc25ec8193eb052ed9112e2b1b47d7980e7f04b61a3e91b4b0f
-
Filesize
72B
MD52e919d14cb9d38b6b98240aa2e3abaa0
SHA1011690fba5490236e97429c5c03105eb2bdc1d5a
SHA25646a555fdbafc0e1706bfd08f89729fbf5c47b4275d65c85611d20d35712d1d31
SHA512116134bfb7294e7c764d0c7804c81842aff8064a18ed0eca5615a70dffbb2974e3bdffb8d1c0885b8896b8af7acfac78c9f00b9ebaa22f2af7161905917b7aba
-
Filesize
72B
MD5f7bf767ec9b45f858ccd3fa6975ff6ea
SHA1eee98f03a25c0073d0e16b2ac15b471746d57ce3
SHA2569353421265df874611f8f196ce00408507d73a2eb1b1b3244900c277041f4540
SHA5120d41b37d41ca71ddc5fea0679f1c69f29a1ddf6afa8ea037165116256c7bb8b93e7a3a3ec91e94117c0519dd32991d372d201b51b00e2053a0d93a60879de3a6
-
Filesize
3KB
MD5d5f11ac2021c607a936b93c977f61380
SHA17ea552f221178e466fd68405660d6ef9605a97c1
SHA256ac4c0c93f4755953f239a565229e76a626787960164b5193ba72f661a1b500d0
SHA51257156c498667d34e2c9fc734bf84c03d4af2ecce776164377ebcce20a38ca808021987960681f886962e3cdfc5294c257542e5bfafd4f340afbc10c75f78b305
-
Filesize
3KB
MD5dceba12ca6f04b715413502625cbdc0d
SHA1b00c27234a1b35c9a8eb0890069b755c290c7b30
SHA256a971cad41a1068e0fac38b24db5d7e42b2722ee4a98f74c839dd3636bdd7a430
SHA5125e14104fe9857ab3f78ef6a9473e5ea9e21336c0ad492240382c70316f750bae024e8a5287f847adbba4414adc3999581ab7b0b58112ce9dbf9313e5013c54bd
-
Filesize
3KB
MD5fe8bf13f9a1748ebeaae0816ad57051a
SHA14474d8876ee538167fea84697a8107d8a6431cd9
SHA256fb4c66e9e987eeca42406eebaeb6667ecd3e437a1bdb72aef14e7412cbc0d210
SHA512ed65af5656befb336d61a6098b4e5debc2409710c05b4ee016993ce088d62c090692c6cc254af75a4363415a0d5cb4f3f237e52c4980496e00417b500c29ac98
-
Filesize
4KB
MD5f93e32b0d3556f140aaa71ec64e610c6
SHA19577d11e2356ca58e5598718a619ab361e1fd240
SHA256096b8d5cafa05e27ddcca898cee8c99c279a5dcb0eaf59ca35d89afca6f3a1e9
SHA512fcc6a97f853bcc3ea6bf065dde89f6400b8ff1dbc33bfe4dace1c8223f450b77a90b6d038c30f27f8ff745a39a35ed074d8b60dfe74259690873b5231c5176a3
-
Filesize
4KB
MD5e54ba3280c67aa0cbb7e18a19ad1f3e5
SHA1b3461313b6529cb184b438d122650dc02a4a5dff
SHA256b41e099cdc0a82610add375ff82c20cc1b4d7807156e1cb068cf7ba0cf2dd1a3
SHA51282f61943ed2e1ae00cd2240f677f1779f7ef33152eda6910744697218a6ea25111007ae1e1df6809a1cf746ca9f9299f884c2eaf7610e96dafd2b2b428407adf
-
Filesize
2KB
MD5df2d9702f1c0b6d9dd14aa2869246af9
SHA1a087991b1dc25c0c145c3c12f4a9d4a8d39b9751
SHA256c8a0915aa47607e9348e7284816828cf5700aab8eb0c55f6600166c507fbea25
SHA512caa217239876e9f7a8106d86deae0aa2e646b2ed2c034594052c9ac193a02a558a679fb67235cb00c44c47eee524cdb5af8808264232f4c139a810a624b68ba1
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD53e7610f8990da8cd7c96d872976088f3
SHA1265f6ad251b32ba54972cd239633913cfc5ba5a7
SHA256f0ac6a9cd8bb7ae2d0916023ab84213a0d76b3e07351248b1d85b893ebbb2a48
SHA5125e57814393fbb1c61d8a1487542d7c94c4d9263f271a486d80af242106500dd18081b674934efa44616b718a586374697082e1a18ff093f70f48c76aeb04a00d
-
Filesize
11KB
MD5f58c36b23d9015d2c2d676bd06491f6a
SHA17c0811bc1eefc2620e4403f1f377a04b35decb33
SHA2565219c6c15610f29aef8345a10ae6f38cb202ea4a33ecf7215c9f7756f50d80a5
SHA51296e0cca29f18aae163b2db728c1a4db949f450351f8feeab2ad9831202d5d7ed6162c4651f78093611cf7eb42de8802e9088623e82cc794ca1c98daa065cbd1d
-
Filesize
1KB
MD5df17aff26f059073bed6a5f8824e5c39
SHA1f880f5cbe705ed78afe9cb3a7667b50dbc08443f
SHA256079ad17541306c21039854f1c9a28a9e1b0f131a2fd509f2a6bb1852875a3ea0
SHA5122c9cdd6846b45cbbfcfbe7dbfdaecd32a602c1feb3af1c0a1e894b1e55af5e1e8f095eb60c42bc6efafc37f3c26bc9e45259afbcde9e67bb75c93fb418a1af79
-
Filesize
91KB
MD550a942312dc71b6877aaddcb607a699f
SHA1b0abc32fcb3fabd027962586770299159c2a8893
SHA256bd040ee42cab7ae7389bb4bd91fb04286220c870c43d57dee4a040aca8bef080
SHA51234cc2aa056fa93934b864167161408e6e87ff46cebd4a32411c10343ad35a50250aafc5728be048435d9518e8f8abcb1182d2d9a18de2a2da590acb78d864d17
-
Filesize
1.4MB
MD5fa01a41114d5d2e6a174d8b57c112750
SHA1fa8ad8c3b05f7329cedd1f5b14619acab08f730f
SHA25695bb912795e5103a430b9c84e0c2d06cde9e10a272131a5c9d3c002240c38406
SHA51227b2fcb8fb6b53d3f1a9aca0610f25e1a3498c2b2d098ccbff06c46445c843afe713cd9f828683ab680d9b702f5da05444ab2d9371887a160a71f6019680e523
-
Filesize
183KB
MD58e035f41411fe092e3e47215e76b35f6
SHA1b652c06661f8831853b85f05e3c1099c7fafe78c
SHA256b7f236f60d5e5dd1363ebbb7d91f2c1e73303b900fa152fd9114af6f50d8ca29
SHA512a01b02c70c9bd362ab731caec932488b5a6e011f1f26d183079dbd9298e7037b614491908cc13a22a937408a25c55c84f42fbd553e86b993723a82deab41028b
-
Filesize
1.2MB
MD5becf4e9ece5623031dd6cba7b23abfe0
SHA1fe3ca8ec79b99b0cfafe8adc3927f5b4cfc2bee9
SHA256850053baf978511494338e2a78395e76ef23db1abb5c4397ee86e096a6dade53
SHA5123040f7857ae27555dae5281e08abc9c73fa0c1ac1684b7d314723f1918b9623789159c9400a37a33fae270288c7576408249b3202efb6de28faf7ded75c54c74
-
Filesize
220KB
MD5d7bde57170d752006a6e19c61b72557a
SHA10c5f14564931bc2fd7b8a4476b9700462ef25e9c
SHA256e65734e4fc0b243f36baa1e0cd4eab2933af1d0cbb344f3ce10b3dcaf2d9ba5d
SHA51279d67e8b9e1b1e6b28c4e12018204f51540f9827653a663f490bce88d2cccbbb3009ac43a972a88e866a8ddd8aef0c5801bce544b49d229a05a2f38d36ade1b3
-
Filesize
1.0MB
MD5c5e837c4f8def62b260d40f9b81c451f
SHA127e5d3431a3ba7189508ee1426788c4d86c55465
SHA25648d4b3fbf76f2f399db486fb56b2793503c33ef0ed491d04dde441fd223d6b36
SHA512acd169c9df402e04e5a6ac010f8828cede01a073d422701508625713482533a555d5abcd05abd45c7748784b395b7c320b14d44508035cb79598ffc8df93b9eb
-
Filesize
1.1MB
MD5c474cb24af058ec68f12ecedb0bd6087
SHA1ba1cdb7706fc2085052d82a3ed402aa443a164d7
SHA2568cbcd459d3ec3e02afb56c45998ee13d21a8cd608872d3a4b34a4e50271691e6
SHA512cd55dee64cdebd241f7c2346eb1a623c039efbcc2d692c779d7fbe7a6b398ac2650f3ce9a7b19d9f0e7ae1c297703161872fbef045c089b052ec97c09a6cccaa
-
Filesize
650KB
MD5534b9c2a5c78809198234e1d90942a72
SHA14b7b713a0314d1e0f28cab84dd4d38d245f5ca74
SHA256dc3721ab38d1b02ac815a40c4ff6d85cc2e75cbcb2e38548cc608b0b19e8cece
SHA51204d8e93fa933510e9f287dbbd96a3720854c64e5639c115813795388533022a8e651ad35ba128ff68c32e4140832550d2610b2c924bc8350ef736e6fd081e4ea
-
Filesize
30KB
MD56353e286d29c1d4f03a173a95c1df4bc
SHA1a2a140a73632bd3ce305c5e2d5c7153ab38d5c42
SHA25633c157915c50f1e4ad272082b8cf2dfc6edbd57c50d006068b1e907922e05bf3
SHA512d4384402b8c07b1dce2ac54134d55bf84373ea0a536c5880dacb530453dfdb9b0c650f3e22e82cb339cb52c057d911d67944498995ae48ba39cdd72cde8c9d6e
-
Filesize
525KB
MD512aa1e240e8932379c0b0ea329a881f1
SHA1dba21ea4b4c0bd742584bf8f0e9b91993958d132
SHA2562e8c50fa61d2bac1863fdf3fe8e68ab41fbc4f09e6bec837d06d463f6d149e5d
SHA512f692876127cab883ece3c92bb9fb1b3998132cd91b1bbdf7bf88a1408378f235db3e6bc84815b2bbab286309418af6bec94c4c64875fd3dc8727585d4e56a71b
-
Filesize
890KB
MD5e978c7e1a5be84e958419fdcecd0e1f0
SHA116990d1c40986a496472fe3221d9ceb981e25f4a
SHA256e72e37b2e1966aa59d99102486d99e0cded9faded978cdb8e7b1e59e49c4cb14
SHA5129fb36bc7791fa24cd8e87ab2fbe02079361f299a84866882b945fab775e44408d112543aced0735cb4aa6267fe8c325925a20ca643cd47b2bb3e07a2ba49484a
-
Filesize
1.1MB
MD58a4f92e7bae66ff53f4af5d0b94d7f0b
SHA14a3e2802afd48fddcad3b3badc28261aac260ea7
SHA256791eedb3d2a4b678426283d48a53a6b1d9a1e059d5ca71c942b4b854ea4f2cc5
SHA5121d2140f8792e3ab56e1fbd956f4b2cc7a31efa698284644a858c43e373b2053840d76870a45eeac43cae5eca9bd6b9c2b1f5704e26b0b2c0732f0bec0fe96027
-
Filesize
162B
MD51b7c22a214949975556626d7217e9a39
SHA1d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
64KB
-
Filesize
6.1MB
-
Filesize
248KB
-
Filesize
5.6MB
-
Filesize
240KB
-
Filesize
584KB
-
Filesize
64KB
-
Filesize
72KB
-
Filesize
40KB
-
Filesize
1.0MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
304KB
-
Filesize
88KB
-
Filesize
7.7MB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
208KB
-
Filesize
208KB
-
Filesize
208KB
-
Filesize
208KB