Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
24/06/2024, 18:41
General
-
Target
https://www.mediafire.com/folder/ccjkbni6ucoj4/NovaCheats
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/ccjkbni6ucoj4/NovaCheats1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91a3a3cb8,0x7ff91a3a3cc8,0x7ff91a3a3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13301379634397158749,7391610033085920154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4648 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
867B
MD5c5dfb849ca051355ee2dba1ac33eb028
SHA1d69b561148f01c77c54578c10926df5b856976ad
SHA256cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA51288289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da
-
Filesize
242B
MD57f5156a82ebec772b5edc7d83d7d261b
SHA108da2ce045daf0e498f46b0532c113e1603a5873
SHA256eb0e9a6f5244643cac8832f452f0a54f696bdbd4fda0c2307201f217f344dd05
SHA51216719d0cda879327f39fe8794cf349872a7c812c7ae68bbab9bb2f3a41c4a3d83787da8e295ae15f2f8c7e4fc7c69fb251f31da2c3031e1b9a25679d7e052cf9
-
Filesize
152B
MD564f055a833e60505264595e7edbf62f6
SHA1dad32ce325006c1d094b7c07550aca28a8dac890
SHA2567172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99
SHA51286644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a
-
Filesize
152B
MD5a74887034b3a720c50e557d5b1c790bf
SHA1fb245478258648a65aa189b967590eef6fb167be
SHA256f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250
SHA512888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3
-
Filesize
204KB
MD5081c4aa5292d279891a28a6520fdc047
SHA1c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA25612cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA5129a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69
-
Filesize
2KB
MD5c44f56df3163f96333b57299a530d540
SHA113ca2d13ccab3d757be8cc3fa4d9c302f1e631c6
SHA256469efaf2ff2f5feb29b11d0d26a9d3ca37eab69ec8927a7133cb1781930611c7
SHA5122dcc58681358ff1ded936892372eaca377c262871657f3f055a5ab8169f247658addb99220015e4ff527a50d501c7648a974401c05767ef8e93e4f39c5070142
-
Filesize
2KB
MD5d1dfe7ea0f2ba873851a36a9957f1d36
SHA1083a64b855ec447000befa0d6d20ef14be01e767
SHA2561f55ff227dee241fffc7a501819cef3b678e51bdbbfd85d6c13b5dd1a7761575
SHA512166d21f938c4a8d14348b0576b1f18dba3722cae40a9d1b2cc9cb04960677260b45df4c6ba181d58fc5867a77dc9d25aefc643ee05a39c6c3c185157370105b0
-
Filesize
12KB
MD5b579c8c27bff2f10552500dc4d76fd8a
SHA1111bc2a7018b4b4fc11a1b5a9cfa81bb7e30b0f4
SHA2566ab7fcc7b02948834e1e954ae0f00948eac9948f0354e8861ba0718367fd5021
SHA512e637ba9c9f0b51b72de4959b91e30474173e805e9624d6450a5aecaf05c62bcd62326aa585b4c907c885cdd2452f09c52e8a05a8241a13732e9436714eab7803
-
Filesize
13KB
MD5a5d8ee9859f2af110a049e3c8032cb96
SHA18edf90b14f464f907d3d98091882c5e288558e28
SHA2567958c0fb06c49ea5aa1baefa9b4be6732cc618f2249e2bbbbb2b9552ef8d468d
SHA512e7b55a20142f134ff0cd5fb1352c687db888ea5db1c255b9bb7c654cf6ca455f8bceceee1460f184dcbd2bbf13b18af990ba3b9994179e9668d49636b2f2e88d
-
Filesize
15KB
MD56bbebc89e5efb189a5d40de3ccd5ed5e
SHA149f7ceafe980d0a45f04cb01a1c6402f8093b236
SHA256a15ec11f5e99f85c52648b7f58a6ea7ac74408fe1d3b24b143800ad445d1e64a
SHA512ff0d2a14f1179827b014e61e916a0fd74fddb0f8a0970e7141a925dc3b300123b4343770f6ed3de644dbc164960ac6187ebdb8c9daf692c7ac8c9485ab37bd07
-
Filesize
7KB
MD5e91602477a52ca7c9f9a9b4a3311cf73
SHA187470c5068180ef6d3fd3b4e9a3ded9ef5b7a677
SHA2561dc5c41f86dba9ccc13829a9ebaccd154024f96668b167f2057b9dc0e351f107
SHA5128af3ee92a2bb0a5039211d482a47d462dfa92cb119a293170f1891b90833958a8176c6f2f4dbd67cb71a44f264b74544235939c3a6c48aecc09f641e717e6d9f
-
Filesize
5KB
MD52d1fff6a2700f1d65e9dc543aa50d43d
SHA1710224974172ba3fab22257c1ca660cd2d209f59
SHA256c1141083519c58e859bc6cfc207a9039174117c725ba4bc8d06404cb0e51b772
SHA512722f2fe25bf30e67662a05059a4de1d6eeb6b43d8ab4b790a263f37a501b91d9c9317feb4019ec7a5d22b600000c5a0863909e47c2a7e6c23c9efda82af2f13c
-
Filesize
15KB
MD5802f7a921eb71a6f17fb77c08110f098
SHA12b412b89bb450b6f97712b57c86c4fa2f5c98ec7
SHA256cf5f48cd7ee2e11e024269fbe317b65a26bdf9f60a84b6fdfe5b337836e0d2dd
SHA512d2006af2a28e4f27381dfb0a14edb9efa9d1656c425e411ccd0759e6a0089163ccdd7781c891f846d903723234a1375fa88ab3d849a64130ca9be5ce7b6975ff
-
Filesize
4KB
MD5cf0545e571fab435c483062f6d7d404b
SHA1b652250b41d8f2431ddda09e53563bf23e9689f0
SHA25633e262d349471ad6536a41e06e22823f2d05a45f582d2f220ac31e458d8bac36
SHA5126a0f866c1e87e509687222e685eb988b543a53a8cba285e54fd6c516feb3b5e375853b86d74f7aa6f8a56d6873669352b3910275a3f57bcc15ad19ebe157711b
-
Filesize
4KB
MD574a9babb49b0ead037ef6633c4a57d1e
SHA181db52256828046bde5ca6fb2031b2c620f2c1b8
SHA25606cec1b13391c07cdd2db7787cffacf0c764ea2c979aaea0d4a2273adfbddf8a
SHA512f1b5dd92684dfe9942c3921018df4a4d137415e3e4b4b2a01b008602a200ec4091f7340c4c39ed8e393dfbb1b6fd6abcfe03a70592d0fc737595de13862eeb48
-
Filesize
1KB
MD5b6ceee21615a96041a227ccdc413790d
SHA1f45784f131c4c01de79876bef16848b7f35e4ee9
SHA256e13f5b9ccb239fa491ad13b0f6473118c19522acfa15f4ea16067aaeedf4bbde
SHA512b13992baa0305840d32661e24603d8da9992ffed69aa1ff707f3af16b24f6478f5624eeb01e205320a33b8687bcbb204b992e2213adfcb053ab70e29cba74d2c
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5cd3f20253d34f72ceecd0bd6ac64e536
SHA1d9869989d318b96eb3bae192b5975d54a9c6fcd5
SHA2563363bb7adce7cd230ce706b2aaca5f81cec44cd94a637405ff959774c0714ed6
SHA51292406d84c206a59855015f63261f7968feff76fc3a0810cd11d237f3356871602622f7040cbb41fd5057851093b6d7af90b11818b94fce837870a883874540ac
-
Filesize
12KB
MD5982ba2267699c0a0062b4cea7836b298
SHA11dbff64ab10f6615bcafb789c47a27df666b0cab
SHA2561ccbcf230c3a5e32adabbf5c5e001cbae04b733e51ae21c702fba8614a083537
SHA51220f9ad82edb0340a8cab55fc198122b001095e6f112ed5f74c8f9b35ffba9cae5e0700fdbbbd6c195060652801ac9b1bc95e4c7016795cbccebf9174d2a0aa25
-
Filesize
11KB
MD5f55cb37c03c25bed17660232d14e518d
SHA1f3e956e49389e3fac5e9ee28d30d8b52717445cf
SHA256eec82b8416b531bfc0be4761f1beefaf02f58b0a60362e092ad49d734a4aea35
SHA512fcfc0c06ce943db6c4355e4edbd0fdab361fa682c333e2ad6b2314b3690a4b02eb42db3f48dc2d169657fa20c84918bc3a03f9aec9e7350c2e3d8fd008170b9b
-
Filesize
12KB
MD5283b1939d2e923707f223d5b777da38f
SHA1e018d6deeb66d940b90303ed421697426252813f
SHA256fdf95ed8b461d20e4831b708c65e3f2c232f3a147ac4a361c076b85642f05bda
SHA512072b972fb0679ebbea73414b7046512c41f8ad02bb6c2d2a27886eb9af3d3931f69fbb5e0206740ce845cde37516bbbe13f8aef8821e9c26e55ffca5fe7c1b33
-
Filesize
11KB
MD5bbbb573a8dfc8854a13948a3feafdd44
SHA1b6826382bcbf7907ea46cc97959c2ef19641fd2a
SHA25687890c10ee2d4ed09c742e1017f751beb7dcc7fd0ef7f6d56a00cdd2f48f2fc9
SHA512e4a3d0beb8eb719a2ae032d556644412fe3a5447ade0deba7fef30feaa0f6dc1098ba93e291e81cdb9588aeaf32f9a12db1b9e534108a36419a83e43c9d73c35
-
Filesize
427KB
MD5f793d1ea29285c6d86f9c6490ea3c659
SHA17df7b9dd9c4e96b4c3c5424ee415dbf74ed09dd4
SHA256cbf3bb8087f3c1a407d4606177eb496e5f105a0f0962116b746d263db06cd610
SHA512452292a16fd4a51a3888c5677658d3634f7fd31ff0a7579ea2eac6272f857a73770fe2e0313e95547a8c2b66245e4cceb5388dfdb9c9819a05741643734fea48
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98