Analysis
-
max time kernel
124s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
09/04/2024, 11:02
Behavioral task
behavioral1
Sample
WaveTrial/dist/client/assets/xml-6f44cde6.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
WaveTrial/dist/client/assets/xml-83dafda0.js
Resource
win10v2004-20240319-en
Behavioral task
behavioral3
Sample
WaveTrial/dist/client/assets/xml-a91ef5d4.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
WaveTrial/dist/client/assets/xml-b4e44552.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
WaveTrial/dist/client/assets/xml-b62ba1ec.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
WaveTrial/dist/client/assets/xml-b6f4a70d.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
WaveTrial/dist/client/assets/yaml-084dfa05.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
WaveTrial/dist/client/assets/yaml-33fab904.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
WaveTrial/dist/client/assets/yaml-823ce157.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
WaveTrial/dist/client/assets/yaml-8d8ef5f1.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
WaveTrial/dist/client/assets/yaml-a4945080.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
WaveTrial/dist/client/assets/yaml-b5e775c1.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
WaveTrial/dist/client/assets/yaml-bc731088.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
WaveTrial/dist/client/assets/yaml-c5998402.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
WaveTrial/dist/client/assets/yaml-dc0d6af6.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
WaveTrial/dist/client/assets/yaml-df2b4c14.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
WaveTrial/dist/client/assets/yaml-f7ca1ca1.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
WaveTrial/dist/client/assets/yaml-f8a2dd33.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
WaveTrial/dist/client/index.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
WaveTrial/dist/node.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
WaveTrial/dist/server/index.js
Resource
win10v2004-20240319-en
Behavioral task
behavioral22
Sample
WaveTrial/dist/shared/bin/wave-luau.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
WaveTrial/dist/shared/wave-luau.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
WaveTrial/dist/start.cmd
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
WaveTrial/dxcompiler.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral26
Sample
WaveTrial/dxil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
WaveTrial/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
WaveTrial/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
WaveTrial/libcef.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
WaveTrial/vk_swiftshader.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral31
Sample
WaveTrial/vulkan-1.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral32
Sample
WaveTrial/websocket-sharp.dll
Resource
win10v2004-20240226-en
General
-
Target
WaveTrial/dist/client/assets/xml-6f44cde6.js
-
Size
2KB
-
MD5
f9e1a9e41019d446a68d2d6692541281
-
SHA1
d272ccd08276de481a2af5dac314af9d3a4de0cd
-
SHA256
2a62757ad5da20b9c7caf26c378812bc241ff577341df4fe243729a02edc8095
-
SHA512
f8ed3d6affbda33e381323d6a4fadb553251c6288c56aa251887aede0bd99031af28c35213e624dff4e6f80d8ec39e1f6c9d224c7e5176ce7c2f806abe04a490
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments. In this run the reads are attributed to taskmgr.exe (PID 940), a system process, rather than to the wscript.exe process (PID 2796) that executed the sample, so this signature does not by itself show evasion behaviour in the sample.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments. Here too the reads are attributed to taskmgr.exe (PID 940), not to the wscript.exe process (PID 2796) that executed the sample.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{4EE0B55D-EEE4-4B48-B76F-6CA6D866B740} msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 3828 msedge.exe 3828 msedge.exe 2584 msedge.exe 2584 msedge.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 4348 identity_helper.exe 4348 identity_helper.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 3392 msedge.exe 3392 msedge.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
pid Process 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 940 taskmgr.exe Token: SeSystemProfilePrivilege 940 taskmgr.exe Token: SeCreateGlobalPrivilege 940 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 2584 msedge.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe 940 taskmgr.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2584 wrote to memory of 836 2584 msedge.exe 98 PID 2584 wrote to memory of 836 2584 msedge.exe 98 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 
msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 1176 2584 msedge.exe 99 PID 2584 wrote to memory of 3828 2584 msedge.exe 100 PID 2584 wrote to memory of 3828 2584 msedge.exe 100 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101 PID 2584 wrote to memory of 2848 2584 msedge.exe 101
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\WaveTrial\dist\client\assets\xml-6f44cde6.js1⤵PID:2796
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdef5046f8,0x7ffdef504708,0x7ffdef5047182⤵PID:836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵PID:2848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:1464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:1480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:2968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵PID:2812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:82⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵PID:4012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4324 /prefetch:82⤵PID:5072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5004 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:4528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:2024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵PID:1472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵PID:1504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:12⤵PID:5012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵PID:3040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:12⤵PID:3816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:12⤵PID:2384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:12⤵PID:5068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵PID:5368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:5608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:12⤵PID:5616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:5848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11685445280493246396,12131241622590052793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵PID:5856
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4316
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4948
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 279e783b0129b64a8529800a88fbf1ee
SHA1 204c62ec8cef8467e5729cad52adae293178744f
SHA256 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA512 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
Filesize
152B
MD5 cbec32729772aa6c576e97df4fef48f5
SHA1 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256 d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
MD5 682ce565483fff325b5e8968a32d4c3a
SHA1 cec46cff563dcea41fc58f94987e270b4b57ed3e
SHA256 5a615c589046bb53af9a53b9d4370743f8865a679e2295d605cfe6a8c704356d
SHA512 c0160ff0b54d8df1d8661e3db643439cae16c3498d38e2003a8f6731a0fd19d736aadb6ca7c8339a7067efff842c69c5f95642cc70267e80e3500e359accac73
-
Filesize
9KB
MD5 78b224e7ec1a64804c4da5e9f7763b4c
SHA1 5d2ecbaaa9da19c40270f3419353c93944407687
SHA256 5d0808a2b31de32b7552ca991955693ed42a92180bc8d602aaaf1277dbb084aa
SHA512 f4a036408864f65824145e0a15c33aea9629f38d190e049447cc54723719ff93e9152161fe0c78141b80205fdf6d04ea1a3959e395bba35f09384dec365a6571
-
Filesize
6KB
MD5 552ab62b39ee23c56dea9b7650fd61d8
SHA1 b95fff990f6703530abf755bc8404993babea0c6
SHA256 4030f8b8ca195e25bb852c4f7821946761c2810e7ac96773db1b445611463d4e
SHA512 4c9d9d54e88fd329297e1d6f06b2757d7ecbd8dad75ef2d05378e506323f0d7a051b96a8a507a3608d7287de889764c0a51cb69ec717cda050bd1ded074e801a
-
Filesize
6KB
MD5 8982e8b7d91db05e5c212fa4adbb0a5e
SHA1 57faea7ad406375ec22d24885484b21898d6584d
SHA256 b4275639d70f02837a9e0517acfc1ea93b0e1c92b1112d29d9c570064d35ea4b
SHA512 3d0475ef7901e1409e087a1f57df512416590a6acc850a9da7a58dbc3d0cbc6e6555a7a21e62b85b31532417f4f4ae22f0a94cac46779f4020568788ca3f9040
-
Filesize
13KB
MD5 5c37dc96f014025607835c1b08bd1092
SHA1 8012abde8b3fb2860afd002a9a2087e68fd59fb0
SHA256 e6cce11039bef8ebce216b1db8dd2621208e44da6c828e6f163eb1633829c979
SHA512 a63582c2dd3cf414973eb98a00ed6b5daa5ade0a19d547d6b5ac0d48ea38f48ec37541f673a2b7d343ff4546de0e175b46dce395b81414e3c5b732b846312fb4
-
Filesize
13KB
MD5 cf255197af8d931c3a8b46c151d5a667
SHA1 08e2e3eba5d407bde385542970784e3172e9f528
SHA256 a5a3f0b6c4cb1e03d75826eed968522fd5b9c4a56056da900620193348cfd6f8
SHA512 f0052116cde7f1bc5402b46b8d6d1dec79aa65c261f05e18ad3eaf393e1dd0df4742fc2c54df0b97793c0ece9597cf1a07ae140424b4d07494487b50e10cc62a
-
Filesize
1KB
MD5 bbbeb78a4feb12329d32b47ca4620207
SHA1 bf0c335a6476a13a168426b9776651f0e3c0a2ee
SHA256 71c6ac2315576cad8a9905715e0417a06861b241f66a7d57ca47efc1ce3561f9
SHA512 cf19a05af5f08b028ed5f243f0c601d8f27252d731143ea5657c765ee1d0a3ff8ab281ff9f7077c442daf5e7f280eab30d611e4e833a3f6f218b6ec1da72af6b
-
Filesize
16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e76ddbbc-4b72-4a64-83d5-b2c6e3303c96.tmp
Filesize 4KB
MD5 3e83cf931a9ba14f9d8ee39bc05855fd
SHA1 64704e40086c3e9d918c8043c64b619a4d745f5b
SHA256 2e512a6e74a4ae14b979453b8668e3a728e51277f6980e626561fdb9b577480a
SHA512 6fe744d0e7506fd37aa0740b904a0f0fb4808d9f1e7034b12d513b3ad63d088ee98f838f13309ed9f1731ed1d04ede934624e60c7abcb785b3816fb9b265c1f1
-
Filesize
11KB
MD5 511af6d15cc7aa5e8f5880736d176a44
SHA1 b6303c6b8d61bbf363d625073c59bf76747a1512
SHA256 7ad05f11c8b5729a366d7590dd0efacb8c76929641c28a3435ed8bc3bbc0e903
SHA512 826c2723955a610aa2b7ebf23e6a12687e8a883a71ecc3f59fccf1b8d5166f2c8b95b10331bbfa8467988eee5dcad69f69306d798e935d97e72a6322230fa01f
-
Filesize
11KB
MD5 df32de37f4f307886a1f683a22360aca
SHA1 9d65847786223243cfc07da9e78adc5f9469f4b0
SHA256 1c625602931c8ef45450b939214b0d49d7510cfe48b68f31d9f0926149ec37b3
SHA512 1f7c6f8b0e6e04d77618f24c73ffeea1f1896dd7fb0059aa46d2cdf07c9d0823e237b43be512d7fbecfb4bf1a2f36b5d82394b28e261d9edca3cb8d085aefec7