Analysis
-
max time kernel
39s -
max time network
43s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 16:18
General
-
Target
https://getwave.gg/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getwave.gg/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa486546f8,0x7ffa48654708,0x7ffa486547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15269516291697503724,2398567722652230031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13232 /prefetch:12⤵
-
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=5288822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa486546f8,0x7ffa48654708,0x7ffa486547183⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD536bb45cb1262fcfcab1e3e7960784eaa
SHA1ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA2567c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA51202c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456
-
Filesize
152B
MD51e3dc6a82a2cb341f7c9feeaf53f466f
SHA1915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA5120a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a
-
Filesize
26KB
MD5e22205ee0f1da4858395224c95bb4ba4
SHA14ee845a014bcdf325f5272543f22fba8c3aadc92
SHA2562b1ff17167d26af5b4f6814b4cc42c9802a34fddbd1c3cebac983177cd5ecb65
SHA512b49f17d44c2669b8f904ec62b9eb62015898b621c0a216ae877bf3e52f36b1ff6b936173f4f58d58dc37ef12b00072aa4bf315b7cf20c5614fb9c348d08adaeb
-
Filesize
22KB
MD59196e81f8ed7f223d765423c1f9bc8a7
SHA188f9d5c2a6908cf36b8daae803578ca9e1fd2929
SHA256a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe
SHA512e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8
-
Filesize
24KB
MD578195278e5b3bce7e5d0dc7fce9961b9
SHA146778f2b933c534752c2bd4c29103bd2fab290fc
SHA256d0268bd0fcf29ab69e1cbf1eaa91e0fcaf73a867930a32ac0797c70d2fa44398
SHA512cfa53530ef7618f580181e722795d59484a706dabea6a76faffc84751e4c33936ca6535aa0c2d8feea97d3cfa6e0ffea24aae22bb920c58723dfddb109cba49d
-
Filesize
38KB
MD531f95c6c861dd854263854a5b054a21a
SHA120c49d3566f95686a3d012b259012ca4b88ff7f8
SHA2563cbc8210e6a1a9a5521ae8e5831219c0a9f5c337c805fe41dd769ee76e4e52af
SHA512a8b1a01406c71499a2c993c5b00234c8db390e98af4d98d554add3f93a1f2d8513fcb3ebbc923f758a93d5ef31c0683a01706160395c9072f8c2d7bea57c1c43
-
Filesize
68KB
MD566bfe390b6a6874ff84fc45799166e25
SHA10a4bd30e2106d6e57ef9d234394c75dc4ead6bc1
SHA256717839367693a90b1b9151d8b3e4df18dc3fc5e5b7ec8952c2a22f76d9b4535f
SHA51292d65f853abac12cc20a1b34c8405893135653bf2e2cf6c292b5328eb3e93c9a7b680bf2534af8d5fa522a24afef32a04527e84cf31a288362378f0e2c509a47
-
Filesize
35KB
MD55009982b60a0f93eac4c1728e5ca17e2
SHA1c0f932d333b91a4b971a52ce88bc96320745064f
SHA2562ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8
SHA512401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa
-
Filesize
83KB
MD5c1f23e4851e573febde8b73194e34907
SHA125502d9eb878867c2494a7d595a9037d23341ee5
SHA256e4beac82a338f13e07b4ef4bcb103d08a05883a3cca184340a4228c33d0e1495
SHA5121102295cde9bf6a19805152f60f2233a87c2f23c14b13c81b0240b298e89ed71d8dd453f81e52c21664b91953dbbf3778718db61a77881767fd32209d281d82a
-
Filesize
23KB
MD50ce75fcc0a97637f2d104036301e6a04
SHA1f70986ae03a138e63c9e47820d4a4e5e5f5993b3
SHA256f53ee7e81971f869911c589451c98f6c9d4c25364988cbbbb1e284a080be55d6
SHA51228f5610bd62ad4650196ac635da80b85f7cad50a2c29373c11446cbf92869ba8debef50202b9232b4761cb6aec5223ff022ee64b7f94141eb5d9279041b45db7
-
Filesize
79KB
MD5e51f388b62281af5b4a9193cce419941
SHA1364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA5121755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e
-
Filesize
28KB
MD5f04217f47619ac51664e7a65b3f77b48
SHA1c32c07c33ba8850f282492b2bd38be170b556541
SHA2565975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
SHA512baee23291cbe16489213a42eda355edbc0db78a8fa8646388bfcc9cf07911e7833bc2af58d3150127f263679f1025c955de97c66d2072f82d8e433f6033fd6e3
-
Filesize
25KB
MD5d0263dc03be4c393a90bda733c57d6db
SHA18a032b6deab53a33234c735133b48518f8643b92
SHA25622b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA5129511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3
-
Filesize
19KB
MD5e3fff76e76fca5045aba3184f9e242b5
SHA1474f16c68c475375a03b6f8eca9dc68fdf925b56
SHA25644715d222a790b28ef723457564c7160297cdc2c8ac5ad55801b764c9566caf6
SHA512fdf510ce4a33ae264437009c82e938b0ed3fce8b02ebb8c018153ddcfc4511d5f65f00dc0dfe09482aee1a3f76e0873d5aac23e7dd40aeb053e419b1cb582ce3
-
Filesize
256KB
MD56dfa4adb07e230eb92a44386cf37a260
SHA1c739b1819ce71060b4d9fba1a6c5c93de6610ba6
SHA25688cb61ce72cfc2b148c9d0e0da740c1164e01511347ff2f027aa3fea444c384b
SHA512a2294edcbd2f0bf8689ab0ceb1ad201933803dccae8f245da9b7d4020e901e7a75a43526265fd66fc66fba9cc1774a5faed374acc819648c716f18e2b5778db7
-
Filesize
62KB
MD53a652be51c7cdf3db35058299ce57b7f
SHA1eea66f5af744530789c4dbea16087354ba2cdbf9
SHA25640bd9fe9ad9539d143afa02689364b6c2f864455491e781509c8072d7444d1b1
SHA51297d4104eacbf12dfeaab807d1382f32f5f6ead3c28226920f14ee469444e97b17f65b80f6999f0ffd97d5029b7904b78708b1c47cfa61ea45fc078b63c78a646
-
Filesize
100KB
MD5f2c72371d40503acfa2d2c389c8c5e04
SHA10790500f7a7ede174bc90c670fabde19bc271e6d
SHA256cda17ff92565a1dc3a4233fd714c74203c771d1e037733810fa400fc33633a7f
SHA512e409cfc3151f604db5007cbdc0b00c977a0613f9e99cce02d9c76413af8458c07010e78b82f47b17efa4e723fc7ceb01c71af5445268b43fb919e259687c1842
-
Filesize
306B
MD5b078d1fd807702e2bdbb26efde0dace3
SHA1ad9f257a09047dfce5e11b97467d3a7036ad06fa
SHA256d3ce53b469312b099b3ec079ea233318c814a61cd1f8bc933ffeaa596df5665a
SHA512be8c3b482eab1cc37f84233a4d0ef0b6819e97c82dae2308f2ba314c3875f72afb0ca46d8faeb2abb031cc4447edf9a47563ff3763ce942b53a705906ac46418
-
Filesize
80KB
MD55d5d430d9f0cb4aa41e929f48fcfb3e8
SHA171974a3a05683c52d1b8c28497bdcc6324fac733
SHA2567be2dcc1917b5d0dd1794576292c191cc6423e0d0c56ceb90ac3da3808595ade
SHA5120b481d21df35bfbbb62765c9de32a071d441aaef57b3cb5ca3a640d644ce1164c4730635d02c212acea9fbe89386b3502cd5169f19d3400418b3e2b2f18c5b3c
-
Filesize
89KB
MD53b6f1487af4fa06d98594dd9ba3a896e
SHA1ac9261d77d16df489f2936ff2a8002ea85b07103
SHA2568fee51b8ee531de459c3e4a9e20ae1d6cfbcd5d1e9fcb22e05690f6f5d0b96f5
SHA5126f52b8d37a837b1818651d87cb2c0a4d57036025fde2d38474b0f8f8f3c63efbadd821d132456704990210d39cdbd558e54c08ff4d4eec6ac965d2a01e1ac7c0
-
Filesize
295KB
MD54e867d3c60082953da1fdaaa21cbada5
SHA1a7c70cf9aae111ebd9e831d0c71bf653acabb8b7
SHA25693d427e1f27bd32aa6f8d4a6776e1e8ae7652f2f6f24d5d5678a6e8540c84c97
SHA512c2ffcfeab99a488a4ed63e5887424800b0935b611f4062f9d319cb4f5d1eba05b8566d7b377c11f210a7222c48b54a957772dc9b3222aac03ae260ac789485a9
-
Filesize
328B
MD5bd6b93fadb887a91a86e5c030bb1ee91
SHA1a3a02ed716bb79578b194d6dae12701fee61779f
SHA2567e9f26b31f2f0ed8b6e8f04075502f377ccc6a13938f6eda23cd3570f02e8a2a
SHA512cef43ed3fdfb207f401d058d03144d42b23cc7aba808c3b02ef3cbd3968544b4bc46b07ccc3fb3675f6102a6a760309ed10f2831c90b295d1204c150251a6578
-
Filesize
266B
MD5a3575bb8109dc646b6ec85a7f3f67b50
SHA14dc5f7a69f0ca29af72e0a638e693e9f072d17df
SHA25644ca5d159c4f21f1c2ad4a16878fb8936c71835b6b2db6d379346e3cb8513510
SHA51295feab6e0c6ac22f4139e47351cae9f8ae8f1077b0c4624ab76bf99416655a07b7a6e25cf41c68f5a31d8b25942c10e7a36cfb4a7b49d2e190d5af4b16ce4ec2
-
Filesize
17KB
MD538e052bb147dea5200d043fe0275dda2
SHA1b9aeec9c3d860e694d4e4c435f9775a1ba1887da
SHA25678e55e9b48356295decc02af962286eab75c0140996f039e5b0e85a6b563a637
SHA512f3078d2d3e29cf784f5f814f48bb832a55af607e8200020f1e81b25ddd68ff66c2c13f81988d0ae29235e2b249ebd45c1986b452a81140e158a3027c59d2efaa
-
Filesize
17KB
MD5ae8ee8aea9b5c95bd8fd3a8b134b8b4f
SHA17b6ff3b6713d81d54af3a8fa23515908b131dd3d
SHA256242c5013f31a29cad2b02ffbe0ec93c3253f4fe0b32898e629fe5be8db2612a5
SHA512da1db765889a7827ec0cb4317da704b614bb14d84908a46df1b04a96c4f323d31f0a308410423652351aa5d3d921fa93a87ad44967634a0113400523285f80f9
-
Filesize
295KB
MD5de7d7f41f2fc88c5b00bad4e6c5a0bb7
SHA1ec4e0527abfd319672b35259bebde0b20dfe996f
SHA25624d455f892bfaa9b9b9acf916732f48d06b27ef7a12dfcbf6b7861743a70b699
SHA512bf90a5bdfc2762fa46e31cc801cc12eba655e547bd3ee98888b10ecd4d9a9f7eef86ac7e667be357e3a34fa2f37de7ad0167970c4538c015569ad989e5556e78
-
Filesize
313B
MD593228fbce4e6370898ac5a77a31c2e12
SHA143c3f1c8f6e38f25b654c28af00e166f5f4fdba6
SHA256510e5ee40d1f82c1e1077ed920a250ac0f66a538842154e81622d8be8aa4176b
SHA5127d1650ccac9bffbd30bff1e7575928d2cfcc9c4c38542cf3b90cfbe7444f615d75984f62ed8e2efa97e498dd07671ec65c8c3534f52e19b673b8532bee372b1b
-
Filesize
7KB
MD50f5ee570c59a1bffe13df680e07a0c67
SHA1d0b433914bb2598732987e0947ca2e8b6c7949ed
SHA25651629b0908d1d617d0520dde30d18741fde7d17a3427603a402506a5b3940993
SHA51280254ce04196d1086bbc74a81c181acc5878bc428faaa34e1b13fc54d4e57ec9667d6e533abe7ddc0b75bbeb135f0955919c03c09a7bef6e33ff6f4b9e672330
-
Filesize
6KB
MD59ebf271787f90c7f2442cfa9e8098e39
SHA1de04fc6bf4ad074a903e06600c437155e24e2f8a
SHA256cb0eac0a8f50b8d64208040ed8750fbde3f0bc38b8aab8e882524261f35c8955
SHA512bbc29b01c3fc2ae5cb73d3e2a17691f06c2ea31cf2cc562079e8312f4a0ccef672a497f7a7b67576cb5a041dba33180b1ab3c92e47757d16d544dd5193e2125b
-
Filesize
7KB
MD593e81cec9677fc500d3d41ed7b5228df
SHA125ef742b9c7e514b54b664598a0eaaf659458fcb
SHA256cd24727057442598c648759aa63b5331837fab5ada53a2256a38ce594c457089
SHA512aadff5f528e2ebd0ea591d3b04589883e5ad13c3ece171842b0c265d5dacb20db5df95df2bdd9470bcb573cfd4b8760fffb0e8c7418869be7acaa69744bb2c7b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d5cdd71d27c7e4f511bdf2442920fdeb
SHA11d88f7995582e919449efc7c13a88c8ed2713f2a
SHA256ac6f6f3870784aa2b298baaaad615327ec92996c791d4ce1be08c3fced38ee9b
SHA512d25442e56dd85995c7d01645c9c582024bf94aa6951dfb06c4d5c65ac094b91e38b1dc7fa5c516200a21dc888352c398e1d8b5a1fb7d926d31322a249203af63