Analysis
- max time kernel: 121s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-04-2024 08:17
Static task: static1
Behavioral task: behavioral1
- Sample: Minecraft Checker by xRisky.exe
- Resource: win10v2004-20240226-en
General
- Target: Minecraft Checker by xRisky.exe
- Size: 2.5MB
- MD5: 5e437613c9ff5ebac652c1bcdfd3b09b
- SHA1: 68d0706818698a8abc16964e405b601076abea40
- SHA256: aee7b1aa2aea4d68f2dec1b7d4d704640c202152bff530ca51e19add52d5b5fd
- SHA512: 9ad15bb1ddf44bf9ffe333af94847a512a76b58de337189e0748495c3f7a1f8c776a310d773412d299f73c89db72b9f7c68543d43137c5a1980ae8f3e2dffd9b
- SSDEEP: 49152:3ITe1ItLD2qOVM9q9QhRp8Xbo5AaT0cCRX97S:JGpaqQKQyuo5PT0G
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes (resource, yara_rule):
- behavioral1/memory/3076-2-0x00000000058D0000-0x0000000005C72000-memory.dmp: agile_net
Enumerates system info in registry 2 TTPs 3 IoCs
Processes (description, ioc, process):
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Modifies registry class 1 IoCs
Processes (description, ioc, process):
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{4659E3EA-E9A4-4CB3-BD1A-98B3DCC48C1D} (msedge.exe)
Suspicious behavior: EnumeratesProcesses 9 IoCs
Processes (pid, process):
- 3076 Minecraft Checker by xRisky.exe
- 4828 msedge.exe (2 entries)
- 724 msedge.exe (2 entries)
- 4704 identity_helper.exe (2 entries)
- 1064 msedge.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
Processes (pid, process):
- 724 msedge.exe (40 identical entries)
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes (description, pid, process):
- Token: 33 (3076 Minecraft Checker by xRisky.exe)
- Token: SeIncBasePriorityPrivilege (3076 Minecraft Checker by xRisky.exe)
- Token: SeDebugPrivilege (3076 Minecraft Checker by xRisky.exe)
Suspicious use of FindShellTrayWindow 25 IoCs
Processes (pid, process):
- 724 msedge.exe (25 identical entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes (pid, process):
- 724 msedge.exe (24 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes (description, pid, process, target process); 64 entries in the original table, repeated rows collapsed:
- PID 724 (msedge.exe) wrote to memory of 2396 (msedge.exe)
- PID 724 (msedge.exe) wrote to memory of 3588 (msedge.exe)
- PID 724 (msedge.exe) wrote to memory of 4828 (msedge.exe)
- PID 724 (msedge.exe) wrote to memory of 3468 (msedge.exe)
Processes
-
[depth 1] "C:\Users\Admin\AppData\Local\Temp\Minecraft Checker by xRisky.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 3076
-
[depth 1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 724
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa625646f8,0x7ffa62564708,0x7ffa62564718
PID: 2396
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
PID: 3588
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID: 4828
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
PID: 3468
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
PID: 4860
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
PID: 4544
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
PID: 1252
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
PID: 1888
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
PID: 4892
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID: 4704
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
PID: 2088
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
PID: 2560
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
PID: 2564
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
PID: 3792
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
PID: 736
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
PID: 3680
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
PID: 4112
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
PID: 1696
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
PID: 3128
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
PID: 1484
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
PID: 4288
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
PID: 4644
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
PID: 5052
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
PID: 2988
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
PID: 1252
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
PID: 3628
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
PID: 1816
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
PID: 4492
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
PID: 232
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5868 /prefetch:8
PID: 2492
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5664 /prefetch:8
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID: 1064
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
PID: 1648
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
PID: 1160
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
PID: 1596
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
PID: 1708
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
PID: 4232
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
PID: 4752
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
PID: 5012
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
PID: 116
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
PID: 1268
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
PID: 2184
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
PID: 4068
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
PID: 3276
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
PID: 2120
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
PID: 2012
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
PID: 1348
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
PID: 4944
-
[depth 2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,2225492303102170894,6250592432169171992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
PID: 3300
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1716
-
[depth 1] C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1488
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA2560e47c127736be702f8a9a9101a0c39743290752c05b15ebd1c1de773bf783e32
SHA512d12dbe040b87a0881779a4c91884587b93d78955e862a93180a462e3e91310c9ceedac5f251e9851e49a88225560ba5115733a36f2eb0605b435c56ebc3dfcec
-
Filesize
6KB
MD502d594dda3a68e8ac5fbe42587c0cdee
SHA131ef55a6e7de073112bc70dc9410f2507d9824a4
SHA2561b1151e06235da94eede34240d7c75bda3823c5cc7a217a4730d3a7cf0cb6069
SHA512a587dffbb515369d7ee5e9c5c3f151c2faa81d7084b1c8954860b702999bca3bd8a1ba6ff202b82314308a35fd1bbb7d5e9d5a7f4c8631ad7ef0c79aa24aa212
-
Filesize
6KB
MD596e82caa6bafd861f0ccaf700905341c
SHA1368b6af5ebad51daa32c78a582c62328f4bb9837
SHA256c92f2cec648cc7f042d483387509c2da55f647c2db7b7a7ca726bcab8129d771
SHA5127f1b1a58934d743cf8070cc6e1e6721da1fdd82e0c15be37ae95a0b78ad3fe5194b7df94c80e464ddc0a1628035b36d6290b61ebcc794d185e874f4749903b5c
-
Filesize
1KB
MD5b083f5fe5766fbfb42781aa1c83d9dc1
SHA11a114fe15944b58708733e6647e0cbb0f7a632d4
SHA25692a4e78851e55aae4bf3a85871ec790c35888cdc0ea6f9b3c76cd6e4276da897
SHA512841dddb7a18e8631340bf57a51b7c67ccfd5119795a29980efdec5e45c730c8542fb240b8abaec74b28b48d14e24d2f28a59aa7e452746d66624a1807a98f462
-
Filesize
1KB
MD5544d023110f0f33b6dffcf7f3259b202
SHA18955dcdd62e3a110de43b530517317abbb301138
SHA2569032fe089c90ae1ae7df089b365bba6d3184f5751670f00a9899746d010fb549
SHA51268ac77de1e2ae15651722d66b6864ce453c069c361472710763303c911d89fe0b219f9a801a2fae3377f0eb3014d97a85c749454c1bb2aedd81d0524877a724f
-
Filesize
2KB
MD58ce34b6151278cd45e895350448a6998
SHA1c616c5d521d72cc5a138dd6fe5b1135eaf416a18
SHA256b688a23fa1dc8127fd0edc64082b3a9bfcee499a4234e8e8acafc8c695afe7bf
SHA512fb3e844d2d71675cdf5da26fbd38288f3a591f8451b7d75c72b05337b114ea137b346671f8c04a7b648b85365bcaaf1cd4b51f5e5c018dd30543d70586648d57
-
Filesize
1KB
MD51265152365c0597f1b9e7dd02fb0caf4
SHA1079cf751c9c7fd0354025cc93a5f17307d816887
SHA256d4d6ec667a23f34476f2f8a9bc1fbbb2735038f618230d1f2c4832712dc59678
SHA51205ad07e934cb1ac2a67c0460dc3b22982b74b48543c14084144d7fe67f320c57ab381d1bbdded1486eec48c233d566086e6617c6b1a7f98098f31ada5b6f5e5d
-
Filesize
2KB
MD587c3fd6caf62d25734d8fcafc4a87fe4
SHA1c7b5ba34ddbf5658c63117581cedf23ba6e35ee4
SHA25692c4c5fb448d452ba91738e0086a248efee68ce6611b09cdcb0a75fda381395c
SHA51289f56ef65ea42a1953a780d50b7b70c4969e315ab05cfaa5539e9078ba774aa02219f3c0e37f2b80344a2006489b690b5a7b877bb059958065bc124643c79910
-
Filesize
371B
MD51c78eb9ca7f1e8657e2f68a64d2777c8
SHA1bcf0cf37d5aad2cf60d5e5badc1b07fd7ab02434
SHA256b83fb2a42e2de7f4633ea9efebbbd7aca8eea42eecf388aac59b234a0330a9c3
SHA512c2f184c5b94dd9d5600c85b6c9f4f749dcf2eae5b986ce613cdad87a5f9a0ea727d74b7231c1e3928ccd8059cf420984d8530d490761bf17e80252f32a70d85a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\e4901501-3c2f-4f09-a372-fff2e3097d8e\6
Filesize3.3MB
MD543fbf4197c4848a0b30ff03c9b078ba6
SHA1f9f76295c73387f4b255e7696ecede04a4a82fcb
SHA25671de316ce0507fcf1dbf1671e2cd3aceaf9dd56647e0bd66a8ad518fac3c746b
SHA512f2a0167aac25150ac1610e8714789266e4a9ff0d4227cdb1e5b5584955a0ce491033d59b6a716130a224cdac58e3de39d9b77ea10e2fd4cdaec8a722151fc16d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e0b9dc394bb7b87cb99f345e51fedf65
SHA12542a1c4a6ff23067f05af92ce3b529d1a054caf
SHA25630b36575241caa810c19c3c6d4ab919bbc75440256fbea27bf7f79599edafb66
SHA51281a923ac4b735a4de1a327c673ff7362239dea6949d4e3e9c03dbbaea0c5c96d789fb099f0cea6cb6fc31f226d3ae7026fbf06b040b8285fdb7712518f9aac38
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e