Overview

Static analysis: score 6

Behavioral tasks in the submitted archive (score, sample, platform):
- 3  x64/OnlineFix.url    windows7-x64
- 6  x64/OnlineFix.url    windows10-2004-x64
- 6  x64/OnlineFix64.dll  windows7-x64
- 1  x64/OnlineFix64.dll  windows10-2004-x64
- 1  x64/StubDRM64.dll    windows7-x64
- 1  x64/StubDRM64.dll    windows10-2004-x64
- 1  x64/steam_api64.dll  windows7-x64
- 1  x64/steam_api64.dll  windows10-2004-x64
- 1  x64/winmm.dll        windows7-x64
- 1  x64/winmm.dll        windows10-2004-x64
Analysis

- max time kernel: 148s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 21-05-2024 16:30
Tasks

- static1: static analysis of the archive
- behavioral1: x64/OnlineFix.url on win7-20240221-en
- behavioral2: x64/OnlineFix.url on win10v2004-20240508-en (the task this report describes)
- behavioral3: x64/OnlineFix64.dll on win7-20240508-en
- behavioral4: x64/OnlineFix64.dll on win10v2004-20240426-en
- behavioral5: x64/StubDRM64.dll on win7-20240215-en
- behavioral6: x64/StubDRM64.dll on win10v2004-20240508-en
- behavioral7: x64/steam_api64.dll on win7-20240221-en
- behavioral8: x64/steam_api64.dll on win10v2004-20240508-en
- behavioral9: x64/winmm.dll on win7-20240221-en
- behavioral10: x64/winmm.dll on win10v2004-20240226-en
General

- Target: x64/OnlineFix.url
- Size: 46B
- MD5: 59bf167dc52a52f6e45f418f8c73ffa1
- SHA1: fa006950a6a971e89d4a1c23070d458a30463999
- SHA256: 3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512: 00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
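The submitted sample is a 46-byte Internet Shortcut: an INI-style text file whose [InternetShortcut] section names the URL that the default shell handler (rundll32.exe loading ieframe.dll,OpenURL, the first process in the tree below) hands to the default browser. The Python below is an added triage helper, not code from this report or from the sandbox. It parses a .url file, reports the target and its scheme, flags shortcuts that point at a file/UNC path or pull their icon from a remote location, and computes the four digests the report lists. Both inputs are constructed: the first mirrors the URL seen in the msedge.exe command line (https://online-fix.me/) but is not the submitted file, so its size and hashes differ from the General section above; the second is a hypothetical UNC-pointing shortcut included only to exercise the checks. The IP address in it is from a documentation range.

```python
"""Triage helper for Windows Internet Shortcut (.url) files.

Added example for this report, not code from the report or the sandbox.
A .url file is INI-style text; Explorer opens it through
"rundll32.exe ieframe.dll,OpenURL <file>", which passes the URL= value to
the default browser. This script parses that format, summarises where the
shortcut points, flags what a triager should look at, and computes the
four digests the report lists.
"""
import configparser
import hashlib
from urllib.parse import urlsplit

# Constructed input: a minimal shortcut to the URL seen in the msedge.exe
# command line of the report. Not the submitted file (size/hashes differ).
SAMPLE_URL_FILE = b"[InternetShortcut]\r\nURL=https://online-fix.me/\r\n"

# Constructed, hypothetical input: a shortcut whose target and icon both live
# on a remote share. Nothing in the report shows such a file; it is here only
# to exercise the checks below.
SAMPLE_UNC_FILE = (
    b"[InternetShortcut]\r\n"
    b"URL=file://203.0.113.10/share/setup.exe\r\n"
    b"IconFile=\\\\203.0.113.10\\share\\icon.ico\r\n"
    b"IconIndex=0\r\n"
)


def parse_url_shortcut(data: bytes) -> dict:
    """Return the keys of the [InternetShortcut] section, names lower-cased."""
    # Shortcuts are ANSI or UTF-8 text, sometimes with a BOM; decode leniently
    # and normalise CRLF so configparser sees clean lines.
    text = data.decode("utf-8", errors="replace").lstrip("\ufeff")
    text = text.replace("\r\n", "\n")
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "internetshortcut"), None)
    if section is None:
        raise ValueError("no [InternetShortcut] section")
    return dict(cp.items(section))


def digests(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and SHA-512 in the order the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes) -> dict:
    """Summarise what opening the shortcut would do and what deserves a look."""
    fields = parse_url_shortcut(data)
    url = fields.get("url", "")
    parts = urlsplit(url)          # urlsplit lower-cases the scheme
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append(f"non-web scheme: {parts.scheme or '<none>'}")
    if parts.scheme == "file" or url.startswith("\\\\"):
        findings.append("target is a file/UNC path, not a web page")
    icon = fields.get("iconfile", "")
    if icon.startswith("\\\\") or icon.lower().startswith(("http://", "https://")):
        findings.append("IconFile is remote; Explorer fetches it when it renders the icon")
    return {"size": len(data), "url": url, "host": parts.hostname or "",
            "findings": findings, **digests(data)}


if __name__ == "__main__":
    for label, blob in (("web shortcut", SAMPLE_URL_FILE), ("UNC shortcut", SAMPLE_UNC_FILE)):
        r = triage(blob)
        print(f"{label}: {r['size']}B -> {r['url']} (host {r['host'] or '-'})")
        for f in r["findings"] or ["nothing unusual"]:
            print("   ", f)
        print("    sha256", r["sha256"])
```

Run it against the real sample bytes to confirm the MD5/SHA256 above before pivoting on them; the scheme and IconFile checks are the cheap static signals that tell you whether opening the shortcut means a browser visit or an SMB connection before any sandbox run.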
Malware Config

No malware configuration was extracted for this task.

Signatures

- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs). The two IoCs are not listed in this capture.
- Enumerates physical storage devices (1 TTP). Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs). All three hits come from msedge.exe, the browser that rundll32.exe launched to open the shortcut:
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - msedge.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Suspicious behavior: EnumeratesProcesses (10 IoCs), by process:
  - PID 4836 msedge.exe (2)
  - PID 4924 msedge.exe (2)
  - PID 4900 identity_helper.exe (2)
  - PID 4952 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (28 IoCs), all from PID 4924 msedge.exe. This is the browser process creating its children with the block-non-Microsoft-binaries process-creation mitigation, which Chromium-based browsers apply to their sandboxed child processes by design.
- Suspicious use of FindShellTrayWindow (25 IoCs), all from PID 4924 msedge.exe.
- Suspicious use of SendNotifyMessage (24 IoCs), all from PID 4924 msedge.exe.
- Suspicious use of WriteProcessMemory (64 IoCs), source process → target process:
  - PID 996 rundll32.exe → PID 4924 msedge.exe (2 events)
  - PID 4924 msedge.exe → its own child processes PID 2524, 2720, 4836 and 4868 (the remaining 62 events)

Reading these signatures: the submitted file is a 46-byte Internet Shortcut and carries no code of its own. Everything in the process tree below is the default .url handler (rundll32.exe with ieframe.dll,OpenURL) starting Microsoft Edge, followed by Edge's normal multi-process start-up: the process-memory writes, the process-creation mitigation and the process enumeration are what a Chromium-based browser does to launch and sandbox its renderer, GPU and utility processes. The behaviour specific to this sample is the destination it points the browser at, https://online-fix.me/. The DLLs bundled alongside it (OnlineFix64.dll, StubDRM64.dll, steam_api64.dll, winmm.dll) were not exercised in this task; they have their own tasks (behavioral3 to behavioral10).
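The WriteProcessMemory table above shows how a browser started by an innocuous-looking shortcut inflates a sandbox signature: a Chromium-based browser writes into every child process it creates while setting up its sandbox, so the rows that matter (the shortcut handler starting Edge) are buried under dozens of msedge.exe → msedge.exe rows. The Python below is an added example, not code from the report or the sandbox. It parses the sandbox's flattened one-record-per-event text, collapses the events onto parent→child edges, and separates edges that involve anything other than the browser from browser-internal noise. The input is a constructed excerpt using the same PIDs and image names as the report's table with shortened repeat counts; the set of browser images is an assumption made for this report, not a sandbox setting.

```python
"""Separate a sample's own process writes from browser sandbox noise.

Added example for this report, not code from the report or the sandbox.
The "Suspicious use of WriteProcessMemory" table prints one record per
event, flattened as
    PID <src> wrote to memory of <dst> <src> <src image> <dst image>
A Chromium-based browser writes into every child it starts while setting up
its sandbox, so once a shortcut hands a URL to Edge the table fills with
msedge.exe -> msedge.exe rows. This script collapses the events onto
parent->child edges and keeps only the edges that involve something other
than the browser, which in this report is rundll32.exe -> msedge.exe.
"""
import re
from collections import Counter

RECORD = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)

# Constructed excerpt with the same PIDs and images as the report's table
# (the report has 64 rows; the repeat counts here are shortened).
SAMPLE_IOCS = (
    "PID 996 wrote to memory of 4924 996 rundll32.exe msedge.exe "
    "PID 996 wrote to memory of 4924 996 rundll32.exe msedge.exe "
    "PID 4924 wrote to memory of 2524 4924 msedge.exe msedge.exe "
    "PID 4924 wrote to memory of 2720 4924 msedge.exe msedge.exe "
    "PID 4924 wrote to memory of 2720 4924 msedge.exe msedge.exe "
    "PID 4924 wrote to memory of 4836 4924 msedge.exe msedge.exe "
    "PID 4924 wrote to memory of 4868 4924 msedge.exe msedge.exe"
)

# Assumption for this report: images that write into their own children as
# part of normal browser start-up. Extend per environment.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}


def parse_records(text: str) -> list:
    """Split the flattened IoC text into dicts with src/dst pids and images."""
    return [m.groupdict() for m in RECORD.finditer(text)]


def collapse_edges(records: list) -> Counter:
    """Count events per (src pid, src image, dst pid, dst image) edge."""
    edges = Counter()
    for r in records:
        edges[(r["src"], r["src_img"], r["dst"], r["dst_img"])] += 1
    return edges


def classify(edges: Counter):
    """Return (edges worth a look, browser-internal edges)."""
    interesting, noise = {}, {}
    for edge, n in edges.items():
        src_img, dst_img = edge[1].lower(), edge[3].lower()
        if src_img in BROWSER_IMAGES and dst_img in BROWSER_IMAGES:
            noise[edge] = n
        else:
            interesting[edge] = n
    return interesting, noise


def report(text: str) -> list:
    """Human-readable lines: interesting edges first, then a one-line noise total."""
    interesting, noise = classify(collapse_edges(parse_records(text)))
    lines = [f"{s_img} ({s}) -> {d_img} ({d}): {n} event(s)"
             for (s, s_img, d, d_img), n in interesting.items()]
    lines.append(f"browser-internal: {sum(noise.values())} event(s) over {len(noise)} edge(s)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IOCS)))
```

Applied to the full 64-row table it leaves a single edge to explain, rundll32.exe (996) → msedge.exe (4924), which is the shell handler launching the browser; the filter is deliberately conservative and never hides an edge whose source or target is outside the browser image set.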
Processes

Indentation reflects the parent/child depth the sandbox recorded; the flags are the signatures raised by that process.

- PID 996: C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\x64\OnlineFix.url
  Flags: Suspicious use of WriteProcessMemory
  This is the default shell handler for .url files: it reads the shortcut's URL and passes it to the default browser.

  - PID 4924: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (browser process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
    Flags: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    Children of PID 4924, in the order recorded. Unless noted, the image is C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe. Renderer processes all use the command line
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
    and are listed below with only their <id>, <handle> and whether --instant-process was present.

    - PID 2524: crashpad handler
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff849cc46f8,0x7ff849cc4708,0x7ff849cc4718
    - PID 2720: GPU process
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    - PID 4836: network service utility
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      Flags: Suspicious behavior: EnumeratesProcesses
    - PID 4868: storage service utility
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
    - PID 3780: renderer, id 6, handle 3324
    - PID 4604: renderer, id 5, handle 3332
    - PID 4680: renderer, id 7, handle 5092
    - PID 1544: renderer, id 8, handle 5544
    - PID 4584: audio service utility
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 /prefetch:8
    - PID 2312: data decoder utility
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 /prefetch:8
    - PID 4100: renderer, id 11, handle 5660
    - PID 2076: renderer, id 12, handle 6408
    - PID 3160: renderer, id 13, handle 6368
    - PID 4440: renderer, id 14, handle 5620
    - PID 780: renderer, id 15, handle 6728
    - PID 216: renderer, id 16, handle 7124
    - PID 3564: renderer, id 17, handle 2720
    - PID 4684: renderer, id 18, handle 7052
    - PID 2516: renderer, id 19, handle 7664
    - PID 3128: renderer, id 20, handle 7344
    - PID 4332: renderer, id 21, handle 5276
    - PID 1580: renderer, id 22, handle 5672
    - PID 868: renderer, id 23, handle 7804
    - PID 4352: renderer, id 24, handle 8068
    - PID 4884: renderer, id 25, handle 7052
    - PID 4560: renderer, id 26, handle 8508
    - PID 3284: renderer, id 27, handle 1432
    - PID 4060: renderer, id 28, handle 7688
    - PID 1324: renderer, id 29, handle 7860
    - PID 1452: renderer, id 30, handle 8444
    - PID 4516: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9372 /prefetch:8
    - PID 4900: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (same command line as PID 4516)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9372 /prefetch:8
      Flags: Suspicious behavior: EnumeratesProcesses
    - PID 1808: renderer, id 32, handle 5880
    - PID 3092: renderer, id 33, handle 4688, --instant-process
    - PID 1324: renderer, id 34, handle 8532 (PID reused after the id 29 renderer exited)
    - PID 4344: renderer, id 35, handle 2424, --instant-process
    - PID 4952: second GPU process, started with the GPU sandbox and GL disabled, consistent with Chromium's software fallback when the first GPU process fails, which is common in a VM without GPU acceleration
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,97278104649531017,2223121789716245091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
      Flags: Suspicious behavior: EnumeratesProcesses

- PID 3576: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 816: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1088: C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x44c 0x304

The three top-level processes after the rundll32.exe tree (CompPkgSrv.exe twice and AUDIODG.EXE) are Windows components started as COM/audio services; the sandbox recorded no parent link to the sample for them.
Network
MITRE ATT&CK Enterprise v15
Downloads

Files written during the run. Only two entries carry a path in this capture, both under the Edge profile directory; the sandbox shows no path for the others.

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9a1cc6d6-bb8b-4307-aa1f-3e94d4fd8009.tmp
  Filesize: 5KB
  MD5: 070c5c039f5b9db22cc4dc51e4b86078
  SHA1: bfb3a5a681c1f05e1f255c505b5a2546e4890688
  SHA256: 666154ae4604e49d9c7b6e05135c4410077dd25284b799697d098d552571a5b1
  SHA512: 232573ffa8deb5ebdcf822ca2870c4641c2d04eb7527a512f8b551de5ab56373ccfdbce6ea1f39ae95315bbb1f95f2b45b141a97e8b3914a5e512f2179950b68
- Filesize: 249KB
  MD5: ca6ce6979514711b3875b2df2714718b
  SHA1: 733b12f38635033c5347e5203c9613a5ae713d69
  SHA256: 319ad59e36ce2063396f5a2edeb65ec856947ef382871338be0ba594249a956c
  SHA512: 15309eb6243f3093a49add4385b3c07d6c392deb648ed989974b9c06f76b97dc9fef7ddaec1d72c31f23004f868144328f725637bd9769ffe26d450207b0bd63
- Filesize: 1KB
  MD5: 80a6266b8e44cfcb052988e08b90d5b1
  SHA1: 17a070d720661e958d040f81470e860966d5cbd3
  SHA256: b048cdfd4a9898a88771b450f37ab33ec5ffb0618f42677df5da448c7eea22c2
  SHA512: 59efe0324d840e207ece9e1932cac2a1f77a96347eebfb8d459d559f574e74ed03ad07f49bb493224048ddf241c7350f5ef0558b1d400fd6d74044eed0f78b43
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 5125cc17eea5b232a430317c16beae1d
  SHA1: c21c3cca94b02ddc5e5626afcffe82de811cc393
  SHA256: 68e4bf16767d26da53d0b8a61c19a11c27101adcf275e69af099d6e539f2dc31
  SHA512: 90762fa3af253885ccd9d4b92525851be6bd250c4b448a8f87270e492ad129dd92a6a5983a3cc63c0cbe9e6008729157ec5dda6b5f2b73daecd8dc244cfec9cd
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 6KB
  MD5: 59a5417d8f3be3453a9cb2b46f4e0c61
  SHA1: f6e4ef73e56b095add5de7f511c15c7a0c2a8bbd
  SHA256: 457691e2a1ebe43d731523442c2da6615c08d3797a3c1e4148ee532a0b404e14
  SHA512: 40f7f49a3bcfea514efc5203207cfef433cf69848c807ca8de155c0dfe4f529e64174cb8dfe17b835ea56aaaac6b10cf6624aa6ab41b573a1cc18416d47ddc17
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 9KB
  MD5: a7cb09bf5088683323c9130f85c1e46d
  SHA1: 4333c2adb63aa5787e9bd80855cf78e53961a107
  SHA256: ed5390cef044b15562a9c0dda19b7611e5dc78c4ffb88f68a9c4b04d286871d4
  SHA512: 565dabc01377604738a5bd7a9fbb0534fd54e7d299731b2cdd9a28177bc23dd6c16bfa9a63246560111b113fa9307d4e2633a76b932c70c6c9eb9614ab5db31d
- Filesize: 2KB
  MD5: 8bc46a9e406e71c876e1bb00a290cd3f
  SHA1: 03783b36542e620fea4d6ac469618b72d6f702c9
  SHA256: b902cac1203078e9b60ae9fd6b99f611c78f1b36fbe21c31b3050be7a14e4ee9
  SHA512: 941ffbbbaa29733e5858674b9615779756287b4723747e4b32e482c583a2d0b90ae93737e41445f031d1b19da9ea392e4702a7ce3dbe8833b3f30b6a00c46910
- Filesize: 2KB
  MD5: 8738c899f52723713f9e0d8422535a47
  SHA1: 19d160752e395cd145d54030178ca4ee4c04b724
  SHA256: b4fe8006762ea0b47d4dd954252f744f064c10cc02b4c382b7d24ed56001047f
  SHA512: f1bdba54fe83a943381ac34f8b6001b63db0f676c12d51d024faead90bf744f31473856a5c4c3eecfeb5eecc78bd47039fb00ba85a430d9bb5d6e41077e17d12
- Filesize: 2KB
  MD5: a2115b7cd1b80321a1fed7d546061e24
  SHA1: 922e45bb2fb5050fc0a536940003a6e63ade377d
  SHA256: 77ad1733acd495f9b6995d9d1f69dedf4b9c51b0e972ea8171697bdb694e7a43
  SHA512: 04c09c6bec634a2b4e720c6317969b20916459af1daba03135728e0d4063df0448fcb56af1db57cc77fff0bdd19ef181c53e5cc8f6c492bcf97c50b20b70f2dd
- Filesize: 2KB
  MD5: 5be8f2389d4209a215b1fdde927f799e
  SHA1: 1ed37a1db165937489919a75b94194db55a7c9ad
  SHA256: 400443999649c15f08f23e5e73700f153148a34fafdfd917fa28614d63b8193a
  SHA512: 878061960808c71db2154c667eee15d546e06e40181589eaf27814c24c2e91ddc91ef458ebcaa493b2cb70452564fea26934d5fbfe4b3b616f47ca2526afaa22
- Filesize: 2KB
  MD5: a720db2c94a3376dc51e5b7850028694
  SHA1: f5f7429fcdb1d2613d3f446e311d8aef51dba9e4
  SHA256: 8ad8fd7621e680435deed770b9b0c6cf321c6e34379de0c4f02cf7883eb9d3d1
  SHA512: 1b949260bdd09a5a8f48a43637a1e639c168d18aa2a5e547b7b061d8524fc5f7dc8561b646712d4f26089a277211b1df6d7221699375b09353eca744529c5afa
- Filesize: 2KB
  MD5: 8517b675445dd035091ecb94af27f76e
  SHA1: 0ec7dd6d855df6e4bfc79444478d6fa98403984b
  SHA256: 86cd5522f2f2c76c09d2b78516a30af642b2a5a6a246fea579d82c12d7d32e04
  SHA512: d57fd73e70a3cb4450ef845b36f24513e9eef4491e419f4c461e190bb69c1d0171f82d1d12abeb3389c471d1d0fb95b89e4424fb07c35c5538f88733380f8cd2
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 1a05909584bd1b62d404f7b3fcf88a23
  SHA1: 71359c09b7d65eae6bafd301f89a362dceeea653
  SHA256: 58c994295eca9346a6a7f1808ceaab9a882e38cad436081a7de2b3d13a1f4119
  SHA512: 4b734e7ed1f96f67670d76d5bdfc89e5fb347a71fb6619bda33173158213481894bbb8dd83152536a9c0bae3983b077dcbc9dc961550d841583b10e817fb01cb
- Filesize: 0B (the sandbox printed no size; the four digests below are those of empty input, so this is a zero-length file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e