Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

TerrariaFI...ix.dll

windows7-x64

1

TerrariaFI...ix.dll

windows10-2004-x64

1

TerrariaFI...ix.ini

windows7-x64

1

TerrariaFI...ix.ini

windows10-2004-x64

1

TerrariaFI...ix.url

windows7-x64

6

TerrariaFI...ix.url

windows10-2004-x64

6

TerrariaFI...IS.url

windows7-x64

1

TerrariaFI...IS.url

windows10-2004-x64

1

TerrariaFI...pi.dll

windows7-x64

1

TerrariaFI...pi.dll

windows10-2004-x64

1

TerrariaFI...pi.dll

windows7-x64

1

TerrariaFI...pi.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/05/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TerrariaFIX.V2/OnlineFix.url

  • Size

    46B

  • MD5

    59bf167dc52a52f6e45f418f8c73ffa1

  • SHA1

    fa006950a6a971e89d4a1c23070d458a30463999

  • SHA256

    3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e

  • SHA512

    00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\TerrariaFIX.V2\OnlineFix.url
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4072
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9365646f8,0x7ff936564708,0x7ff936564718
        3⤵
          PID:4972
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
          3⤵
            PID:2608
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2792
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
            3⤵
              PID:4680
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              3⤵
                PID:2852
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                3⤵
                  PID:3592
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                  3⤵
                    PID:4148
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
                    3⤵
                      PID:4320
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                      3⤵
                        PID:4620
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5872 /prefetch:8
                        3⤵
                          PID:3888
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                          3⤵
                            PID:3888
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                            3⤵
                              PID:4032
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                              3⤵
                                PID:5668
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
                                3⤵
                                  PID:5408
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
                                  3⤵
                                    PID:4632
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
                                    3⤵
                                      PID:6132
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
                                      3⤵
                                        PID:5252
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
                                        3⤵
                                          PID:5588
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
                                          3⤵
                                            PID:5752
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                            3⤵
                                              PID:5424
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
                                              3⤵
                                                PID:5808
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
                                                3⤵
                                                  PID:1840
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                                                  3⤵
                                                    PID:2692
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
                                                    3⤵
                                                      PID:5392
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
                                                      3⤵
                                                        PID:1392
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                                                        3⤵
                                                          PID:5836
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
                                                          3⤵
                                                            PID:5488
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9192 /prefetch:8
                                                            3⤵
                                                              PID:5844
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9192 /prefetch:8
                                                              3⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:5196
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
                                                              3⤵
                                                                PID:5820
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
                                                                3⤵
                                                                  PID:1488
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
                                                                  3⤵
                                                                    PID:5124
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
                                                                    3⤵
                                                                      PID:5148
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
                                                                      3⤵
                                                                        PID:5712
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
                                                                        3⤵
                                                                          PID:6100
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
                                                                          3⤵
                                                                            PID:5252
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                                                                            3⤵
                                                                              PID:5036
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,5243825285565066997,10028270806384942844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2
                                                                              3⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:5200
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:2844
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:532
                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                              C:\Windows\system32\AUDIODG.EXE 0x3c0 0x320
                                                                              1⤵
                                                                                PID:3324

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                2daa93382bba07cbc40af372d30ec576

                                                                                SHA1

                                                                                c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                                                                SHA256

                                                                                1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                                                                SHA512

                                                                                65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                ecdc2754d7d2ae862272153aa9b9ca6e

                                                                                SHA1

                                                                                c19bed1c6e1c998b9fa93298639ad7961339147d

                                                                                SHA256

                                                                                a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                                                                SHA512

                                                                                cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086
                                                                                Filesize

                                                                                249KB

                                                                                MD5

                                                                                ca6ce6979514711b3875b2df2714718b

                                                                                SHA1

                                                                                733b12f38635033c5347e5203c9613a5ae713d69

                                                                                SHA256

                                                                                319ad59e36ce2063396f5a2edeb65ec856947ef382871338be0ba594249a956c

                                                                                SHA512

                                                                                15309eb6243f3093a49add4385b3c07d6c392deb648ed989974b9c06f76b97dc9fef7ddaec1d72c31f23004f868144328f725637bd9769ffe26d450207b0bd63

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
                                                                                Filesize

                                                                                182KB

                                                                                MD5

                                                                                6507ca0483cc6c183a1c51ed2529de0d

                                                                                SHA1

                                                                                94bb10853cfe35a5a057e487257634228c9a2acb

                                                                                SHA256

                                                                                c978a4b66dc26bfd41ae13e930a2c4eb040f356fbc05a89ff2027928824c8dba

                                                                                SHA512

                                                                                a568c25a91ed68a4b9d7f82e956f2305a59d0c0d0da9e2042064a301cf907af8b32445c497a24ecf97d8f40d3b4cd7d412f49f1b223f88e6c9310f7354f4701c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\429ea9adfcf41ecd_0
                                                                                Filesize

                                                                                38KB

                                                                                MD5

                                                                                2801e7b655d33976d4731216c26bd305

                                                                                SHA1

                                                                                285694f3749dcf520ec73383a4c43d006603291d

                                                                                SHA256

                                                                                ded154b2362d5c166def385b8bab45a09401f3457e42fe7fc9a27af3024a5a84

                                                                                SHA512

                                                                                e575097bb401cad6488327a1c8e412601cba88d9111ce4e674b42630a70175b97a4bd20baab8bb85ea2bad4eebdc8888113454dabaaad9bb940471fde0c2d1c2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\429ea9adfcf41ecd_0
                                                                                Filesize

                                                                                38KB

                                                                                MD5

                                                                                0d37ee830534a5e96fb20bafb0bab22b

                                                                                SHA1

                                                                                307cdbd5b3c6a72f9f18f2c0e2178faa571c3caf

                                                                                SHA256

                                                                                546c8d957d9caf9b4cffd905e3196004da0a538d2063c148bab529a0fa205502

                                                                                SHA512

                                                                                16d8ab6df1c92b6a70654a572bcd3c43ea88b1049e958a89d49a7997e144accab236719a01a35664e3cec5f7f893f0b4dd4863f81973b51986089fb8ffeb5756

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                2ebd40f4dc94ec725ea7d3cd2509ae76

                                                                                SHA1

                                                                                6d8456a33b0948743ea770e9abf6aa5ea242c3f1

                                                                                SHA256

                                                                                f6aa766486c9512aacafb9d29b27750585322ce5911a1f88217dd2bac03e8c48

                                                                                SHA512

                                                                                3dc924b80c3f2f108823be06a130898f149520df454d0e4d4878355fdd000f48b5ca0d9465b75c866c8b2279ba507045a90addbc376455bea3911dc38f587939

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                46295cac801e5d4857d09837238a6394

                                                                                SHA1

                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                SHA256

                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                SHA512

                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
                                                                                Filesize

                                                                                41B

                                                                                MD5

                                                                                5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                SHA1

                                                                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                SHA256

                                                                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                SHA512

                                                                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                8951d5abbd80c1d90eb968b1f8b64dbc

                                                                                SHA1

                                                                                bff7e0cc95e092583121c83e63e1a5d42abcd3d2

                                                                                SHA256

                                                                                be62d90b22737b3008ffa4ca2432ff11b12fbdb9196dbf3d3d10c04dd0e72d2a

                                                                                SHA512

                                                                                0330d865a71bb30d3e20698a7b3ce230cc821d98b0cb06be8590b0fffaf4632b6eceb82862e182af5c6f076194cf8bdf8824388132c11ad1cf14feed659c30ad

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                f47d0f7fe63a1aa2b2380207e623e58a

                                                                                SHA1

                                                                                f226bf477e2d4d50d3e8798d3b0c48b6567d29c9

                                                                                SHA256

                                                                                7ee8441e6ee5cf999ddfe595afcfbae71eefcef47b7ab68cf187b757c38ab1e9

                                                                                SHA512

                                                                                4334b2c508c92663d92992c7b8de8fda6888ce2156ef94b1f809d1ff84380497f818919b8285dde030a3551c73a3decf282ba225208ae501e5d390bb8cfcacd8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                bc716d8a5d6529b20cfebaf2f1dacb33

                                                                                SHA1

                                                                                5fc44b7c378d739c4ae503c7edd90dc4a0d2b91d

                                                                                SHA256

                                                                                5d80a07842dd9a8814f11ae44a4a6d8a38fa1a6a06120c92453a57efc18d09a8

                                                                                SHA512

                                                                                2a9d33b037db70cf7919258a26cb3da062d39df1f8cc9c5e10b2b8ec2304a23389e9cf66ffa3ba238fc39e83fc55f9849dd567391f9b2ba957c33c5f7e2ff24d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                0891c38bf69a8aee808a4ec4bf0e89d0

                                                                                SHA1

                                                                                ce7adc69cc7dea6854639b39751fd8c1c53b6f3c

                                                                                SHA256

                                                                                168a70983fb9a7297c4cef0a375cd353f246ff45747d3a69c76e3c0ee33274f7

                                                                                SHA512

                                                                                fcc3daac83ea31db215386ad48517e0515f016d6c616c498190eccb05421c868baf19a20386e687ad5485f75dff45fa4c9482e0b56e49828df44218f927ed7dd

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                268f7fa5e7813ce53785b0428d35eddd

                                                                                SHA1

                                                                                de945d833ca78c3a6a7eb4d823b54df33f85a411

                                                                                SHA256

                                                                                85d0a6bf00f15d5bf64b132add3b82a50c452d6a8b8e8f32317a8ff738fa57c3

                                                                                SHA512

                                                                                c9b4d1a2072c435dc10d71d6063bf385aaaccb2be4568e748e5cc8643d5d13f2361fe02c136f6e032bfb54f668bcb3bd9eaf6b89a1f576c6a195d81ea10a4aa0

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                434c7e49a9a370dae0a6675c5cdd2d78

                                                                                SHA1

                                                                                037129564c5dae2348d1655d0d43ba7d37626a5d

                                                                                SHA256

                                                                                6d2adf7729f9ae6c39a657d7633ae2a5e320a0e7345f920136553a09e7c000a1

                                                                                SHA512

                                                                                23305231f5c8fd5e15f3ebdf870e846bd16904fa0c8ba105261b8a1a5b10ad07ec3d2f4e0c9800d7125476422f2b6889e55f9c920806ca026e426d3074d4b215

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                443bbcc121ba29ec760b10ee8e043761

                                                                                SHA1

                                                                                2220a742665466f32b697763d2c7e4fbca5fbccf

                                                                                SHA256

                                                                                c5533fe9f4d93fdd609a92d2ad513ba29f769b07f7e8466d487665acadc99ad6

                                                                                SHA512

                                                                                67b5c72c72e3d26714609646cda54c54337ee02386f0da7294873306da5f91c52e9a7f371b6f2e151ec6d6947ea4169ddbd70e76491ca6c75cdd8bb7af71c6e6

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                4dcd06c606183efb1a96ff62c47be53f

                                                                                SHA1

                                                                                20964ffe8c250f44509d379cc0e272c1bd75a2fb

                                                                                SHA256

                                                                                c620197a7e183d4b6dfffa4a432a64cb2abe31b32fa1534a3412ae1afaf26451

                                                                                SHA512

                                                                                e15c30bb3bcab5adbfc09086f68b828b88ba91c03c6a3586c502b6533c5a274903624f3c7ce5091d9c7af0a64e4b931803c96fb3d6f242c02fd691adfda60527

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                bc7682c2172364c4aa3ca9a704acde6e

                                                                                SHA1

                                                                                0af706136a6302a1420b196f93d6012407a83b48

                                                                                SHA256

                                                                                70fd247d37469716707fd9ea708a162262df0e88b7b19aef1e67f1ac1bf90075

                                                                                SHA512

                                                                                b0aeb5d50552bbf4ebd4ebebf7de303cd84b85c619f611266cb87d2482fdb9b4c8facd840d6a46f84827298c2e1c73b183f005e33840f5007485e3f7393f1e4e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                098a779faef4be35dbb270c40e3c4529

                                                                                SHA1

                                                                                4bc80652597c1fcd9fd75588596295eb4ff28962

                                                                                SHA256

                                                                                05e3dfa8583d33f2b536778fa9f170efd91c823570ddb94a9fff50ade1c6fe8c

                                                                                SHA512

                                                                                402b8e1c8cf5900f077eabf2cff6aa3ae2371a6f013710650d69839b83af048bac48949d2f6692a3c70b92d54a606ce6311a20f913f814e72f47a3788210b70b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579441.TMP
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                8641a245f4c90a5cae0ecfcbd789ed75

                                                                                SHA1

                                                                                88dd7348e7aff3fdd821bf4682f25ccfce352fb0

                                                                                SHA256

                                                                                bd4df4a16dff37caf17d9ed677ece512b846bb30b6dfe91e9e0d77cff2524e9a

                                                                                SHA512

                                                                                a93a0cb6cae73ae303a51f29c22a88376eddc368a2d4f2d136f5d6c8694f043731e24f98df97dbacb8a1a2085327854abaa2124eb553e1fdfb54d9d69becccf1

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                SHA1

                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                SHA256

                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                SHA512

                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfa91aa8-edb8-4ec7-ac08-8001b18e86a4.tmp
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                eaa3c78a1a95db2b0c6eb2521cde2157

                                                                                SHA1

                                                                                07742931e1686353543f5d3087150852328bb715

                                                                                SHA256

                                                                                32a2de677d51f54d0744806b35303b7882acae3975692b22dcc33697d4d6feaf

                                                                                SHA512

                                                                                3589af6720b5c02b75819dfe67ffe6cc3391d4341adc8e4f4e8eabb61206716fc63a065b99af92342ced5986da816271e08c2b5da30d4447b998a85a2ff49b35

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                f8f49a6a75f7d5f40f4a2dffda9c50aa

                                                                                SHA1

                                                                                3e28e3ea87a8e4e4f305a0cdce13e622266b3285

                                                                                SHA256

                                                                                1a898cf5d8dadd35cb8f3fa59a7dfcc08de16f89c114eb80155991fc0f4de1b9

                                                                                SHA512

                                                                                3854c280aeab4426d663b50c6e34ea9caaa99dbc4f8c0c70cb10878f289c2c666e728edda69efdaa134f8b9455b740964befeeaf3afebb48a3d14880e7c20bf5

                                                                                Download Submit