Resubmissions
02/08/2024, 19:39  240802-yc84dsscqd  (score 8)

Analysis
max time kernel:   149s
max time network:  150s
platform:          windows10-2004_x64
resource:          win10v2004-20240802-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:         02/08/2024, 19:39
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           http://waveexecutor.com
Resource:         win10v2004-20240802-en
General
Target: http://waveexecutor.com

Malware Config

Signatures
- Downloads MZ/PE file

- Executes dropped EXE (2 IoCs)
    pid   process
    4396  WaveInstaller.exe
    2860  WaveInstaller.exe

- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 1 IoC)
    flow  ioc
    11    discord.com

- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description  ioc                                                          process
    Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  WaveInstaller.exe
    Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  WaveInstaller.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- NTFS ADS (1 IoC)
    description                   ioc                                                                  process
    File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 912183.crdownload:SmartScreen  msedge.exe
  The ":SmartScreen" suffix is an alternate data stream on the in-progress download (.crdownload) written by the browser itself; it records the SmartScreen check result the same way Zone.Identifier records the Mark-of-the-Web, and is expected on any file Edge downloads.
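The NTFS ADS row above is easy to misread, so here is an added example (not tria.ge code) that splits a stream path such as the one in the signature into file, stream name and stream type, labels browser bookkeeping streams (SmartScreen, Zone.Identifier) separately from anything unexpected, and parses a Zone.Identifier stream for the Mark-of-the-Web. The Zone.Identifier text and the third sample path are constructed for the example; the report contains neither the stream contents nor the real download URL.

```python
# Added example (not tria.ge code): NTFS alternate-data-stream handling for
# paths like the one in the "NTFS ADS" signature. Sample data is constructed.

# Streams Chromium-based browsers and Windows attach to downloads:
# Zone.Identifier holds the Mark-of-the-Web, SmartScreen the reputation result.
EXPECTED_DOWNLOAD_STREAMS = {"zone.identifier", "smartscreen"}

# Constructed sample; the HostUrl is a placeholder, not the real download location.
SAMPLE_ZONE_IDENTIFIER = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=http://waveexecutor.com/
HostUrl=https://example.invalid/WaveInstaller.exe
"""


def split_ads(path: str):
    """Return (file_path, stream_name, stream_type) for 'file:stream[:$TYPE]'.

    stream_name is None when the path names only the default data stream.
    The drive-letter colon in 'C:\\...' is not treated as a stream separator.
    """
    drive, body = "", path
    if len(path) >= 2 and path[0].isalpha() and path[1] == ":":
        drive, body = path[:2], path[2:]
    parts = body.split(":")
    if len(parts) == 1:
        return drive + body, None, None
    if len(parts) > 3 or (len(parts) == 3 and not parts[2].startswith("$")):
        raise ValueError(f"malformed stream specification: {path!r}")
    stream = parts[1] or None                      # 'file::$DATA' is the default stream
    stream_type = parts[2] if len(parts) == 3 else "$DATA"
    return drive + parts[0], stream, stream_type


def classify_stream(stream_name):
    """'none' for the default stream, 'download-metadata' for browser/OS
    bookkeeping, 'unexpected' for anything else (a classic hiding place)."""
    if stream_name is None:
        return "none"
    if stream_name.lower() in EXPECTED_DOWNLOAD_STREAMS:
        return "download-metadata"
    return "unexpected"


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style Zone.Identifier stream; ZoneId 3 means 'Internet'."""
    values, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values


def triage_ads_paths(paths):
    """Map each path (e.g. the signature's 'ioc' column) to a classification."""
    out = {}
    for p in paths:
        _file, stream, _stype = split_ads(p)
        out[p] = classify_stream(stream)
    return out


if __name__ == "__main__":
    sample = [
        r"C:\Users\Admin\Downloads\Unconfirmed 912183.crdownload:SmartScreen",  # from the report
        r"C:\Users\Admin\Downloads\WaveInstaller.exe",                           # no stream
        r"C:\Users\Public\notes.txt:stage2.exe:$DATA",                           # constructed
    ]
    for path, verdict in triage_ads_paths(sample).items():
        print(f"{verdict:18} {path}")
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

A stream that is neither Zone.Identifier nor SmartScreen on a user's download is worth opening with `dir /r` or `Get-Item -Stream *`; the SmartScreen stream here is normal browser behaviour.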
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
    pid   process              rows
    1448  msedge.exe           2
    5016  msedge.exe           2
    1844  identity_helper.exe  2
    2960  msedge.exe           2
    3024  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
    pid   process     rows
    5016  msedge.exe  17

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description              pid   process
    Token: SeDebugPrivilege  4396  WaveInstaller.exe
    Token: SeDebugPrivilege  2860  WaveInstaller.exe

- Suspicious use of FindShellTrayWindow (36 IoCs)
    pid   process     rows
    5016  msedge.exe  36

- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   process     rows
    5016  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the same source, PID 5016 (the main msedge.exe), writing into a process it had just created. Targets and procid_target values:
    target pid  procid_target  rows
    4812        81             2
    1996        83             most of the remaining 60
    1448        84             2
    1872        85             most of the remaining 60
  The targets are Edge's own helpers (crashpad handler, first gpu-process, NetworkService and StorageService utilities, see the process tree). A browser process writing into the helpers it spawns is how Chromium's Windows sandbox broker initialises its children; on its own it is not evidence of injection. The rows that matter in this report are the two WaveInstaller.exe processes, which are the only non-Edge images in the tree and the only ones enabling SeDebugPrivilege.
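The signature rows above become useful once they are joined per process: which child of the browser is not a browser binary, and which of those then enabled SeDebugPrivilege and read the NLS\Language key. The following added example (not tria.ge code) does that join on events constructed to mirror this report's rows. The event layout, the "trusted path" prefixes and the abused-host list beyond discord.com are assumptions of the example.

```python
# Added example (not tria.ge code): correlate sandbox signature rows into
# per-process findings. Events are constructed to mirror this report.
from collections import defaultdict
from dataclasses import dataclass, field
import ntpath

# Images under these directories are treated as vendor-installed (assumption).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# discord.com is the host this report flags; the others are assumed additions.
ABUSED_LEGIT_HOSTS = {"discord.com", "cdn.discordapp.com", "pastebin.com", "github.com"}
# Key whose read the "System Language Discovery" signature keys on.
LANGUAGE_KEY_SUFFIX = "\\control\\nls\\language"

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
DROPPED = r"C:\Users\Admin\Downloads\WaveInstaller.exe"

# Constructed events in the shape of the report's rows: (kind, pid, process, detail).
EVENTS = [
    ("image", 5016, "msedge.exe", EDGE),
    ("child", 5016, "msedge.exe", (1996, EDGE)),      # gpu-process helper
    ("child", 5016, "msedge.exe", (1448, EDGE)),      # NetworkService helper
    ("child", 5016, "msedge.exe", (4396, DROPPED)),   # "Executes dropped EXE"
    ("child", 5016, "msedge.exe", (2860, DROPPED)),
    ("regkey", 5016, "msedge.exe", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"),
    ("token", 4396, "WaveInstaller.exe", "SeDebugPrivilege"),
    ("token", 2860, "WaveInstaller.exe", "SeDebugPrivilege"),
    ("regkey", 4396, "WaveInstaller.exe", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("regkey", 2860, "WaveInstaller.exe", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("flow", 5016, "msedge.exe", "discord.com"),
]


@dataclass
class Finding:
    pid: int
    image: str
    reasons: list = field(default_factory=list)


def is_trusted_path(image: str) -> bool:
    """True when the image lives under a directory normal users cannot write to."""
    return image.lower().startswith(TRUSTED_PREFIXES)


def triage(events):
    """Rebuild parent/child relations and attach the signature hits that matter
    to each untrusted process; returns Findings sorted by PID."""
    images, children = {}, defaultdict(list)
    tokens, regkeys, flows = defaultdict(set), defaultdict(list), defaultdict(set)
    for kind, pid, _proc, detail in events:
        if kind == "image":
            images[pid] = detail
        elif kind == "child":
            cpid, cimage = detail
            images[cpid] = cimage
            children[pid].append(cpid)
        elif kind == "token":
            tokens[pid].add(detail)
        elif kind == "regkey":
            regkeys[pid].append(detail)
        elif kind == "flow":
            flows[pid].add(detail)

    findings = {}

    def note(pid, reason):
        findings.setdefault(pid, Finding(pid, images.get(pid, "?"))).reasons.append(reason)

    # 1. A trusted parent (here the browser) starting an image from a user-writable path.
    for parent, kids in children.items():
        if not is_trusted_path(images.get(parent, "")):
            continue
        for kid in kids:
            if not is_trusted_path(images[kid]):
                note(kid, f"started by trusted {ntpath.basename(images[parent])} from user-writable path")
    # 2. Untrusted images enabling SeDebugPrivilege (an installer rarely needs it).
    for pid, privs in tokens.items():
        if "SeDebugPrivilege" in privs and not is_trusted_path(images.get(pid, "")):
            note(pid, "enabled SeDebugPrivilege")
    # 3. Untrusted images reading NLS\Language (locale check before doing anything else).
    for pid, keys in regkeys.items():
        if not is_trusted_path(images.get(pid, "")) and any(k.lower().endswith(LANGUAGE_KEY_SUFFIX) for k in keys):
            note(pid, "system language discovery via NLS\\Language")
    # 4. Any process talking to a legitimate service commonly used for payload hosting.
    for pid, hosts in flows.items():
        for host in sorted(hosts & ABUSED_LEGIT_HOSTS):
            note(pid, f"traffic to abused legitimate host {host}")
    return sorted(findings.values(), key=lambda f: f.pid)


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f.pid, ntpath.basename(f.image))
        for r in f.reasons:
            print("   ", r)
```

Run against the constructed events this reports only the two WaveInstaller.exe PIDs and the browser's discord.com flow; the Edge helper processes fall out because their images live under Program Files.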
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5016)
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://waveexecutor.com
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4812, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1bde46f8,0x7ffd1bde4708,0x7ffd1bde4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1996, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1872, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3888, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4552, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3472, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1844, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1488, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4348, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1392, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4252, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4384, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2504, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4840, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2960, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1272 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\Downloads\WaveInstaller.exe (PID 4396, child of 5016)
    cmdline: "C:\Users\Admin\Downloads\WaveInstaller.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken

  C:\Users\Admin\Downloads\WaveInstaller.exe (PID 2860, child of 5016)
    cmdline: "C:\Users\Admin\Downloads\WaveInstaller.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3464, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1660, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1932, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4160, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3024, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3596 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5052, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4800, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2680, child of 5016)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4997432750522775348,1006774253886196714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 2960)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4428)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
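Almost everything in the tree above is Edge talking to itself, and the command lines say what each helper is: `--type=` gives the process role, `--utility-sub-type=` the service it hosts, and `--service-sandbox-type=none` (NetworkService, the WinRT identity helper, the Quarantine utility) or `--disable-gpu-sandbox` (the second gpu-process) marks the helpers that run without a Chromium sandbox. The added example below (not tria.ge code) parses those switches so that the browser's own children can be labelled and filtered and the non-Edge images surfaced. The command lines are shortened copies of the report's; the trusted-directory prefixes are an assumption of the example.

```python
# Added example (not tria.ge code): classify Chromium/Edge helper processes
# from their command lines and surface the children that are not Edge at all.
import ntpath

BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")  # assumption

# Shortened from the report; the long --field-trial-handle / --gpu-preferences
# values are dropped because they do not affect the classification.
SAMPLE_TREE = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://waveexecutor.com',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3236 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=3596 /prefetch:2',
    r'"C:\Users\Admin\Downloads\WaveInstaller.exe"',
]


def tokenize(cmdline: str):
    """Split a Windows command line on spaces, honouring double quotes."""
    tokens, current, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch == " " and not quoted:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def is_browser_image(image: str) -> bool:
    """An Edge binary installed under Program Files (not just named like one)."""
    low = image.lower()
    return ntpath.basename(low) in BROWSER_IMAGES and low.startswith(PROGRAM_FILES)


def describe(cmdline: str) -> dict:
    """Classify one process: role, hosted service and sandbox state."""
    tokens = tokenize(cmdline)
    image = tokens[0]
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
    if not is_browser_image(image):
        # Anything else the browser launched is a plain user process.
        return {"image": image, "type": "foreign", "subtype": "", "sandbox": "none"}
    ptype = switches.get("type", "browser")          # no --type means the broker
    if ptype == "browser":
        sandbox = "n/a (broker)"
    elif ptype == "renderer":
        sandbox = "none" if "no-sandbox" in switches else "renderer"
    elif ptype == "gpu-process":
        sandbox = "none" if "disable-gpu-sandbox" in switches else "gpu"
    else:
        sandbox = switches.get("service-sandbox-type", "unknown")
    return {"image": image, "type": ptype,
            "subtype": switches.get("utility-sub-type", ""), "sandbox": sandbox}


def unsandboxed(cmdlines):
    """Processes with no Chromium sandbox at all (including non-Chromium images)."""
    return [d for d in map(describe, cmdlines) if d["sandbox"] == "none"]


def foreign_children(cmdlines):
    """Images in the tree that are not Edge binaries from Program Files."""
    return [d for d in map(describe, cmdlines) if d["type"] == "foreign"]


if __name__ == "__main__":
    for d in map(describe, SAMPLE_TREE):
        print(f'{d["type"]:12} {d["subtype"] or "-":40} sandbox={d["sandbox"]:14} {ntpath.basename(d["image"])}')
```

On the sample tree the only foreign child is WaveInstaller.exe; the unsandboxed set is the NetworkService utility, the gpu-process started with `--disable-gpu-sandbox`, and the installer itself.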
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 152B
  MD5     ff63763eedb406987ced076e36ec9acf
  SHA1    16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
  SHA256  8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
  SHA512  ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Filesize 152B
  MD5     2783c40400a8912a79cfd383da731086
  SHA1    001a131fe399c30973089e18358818090ca81789
  SHA256  331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
  SHA512  b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Filesize 504B
  MD5     0e448b92f2db0b062f2ff899a63a58a3
  SHA1    87f359521dd094d781ed7ed272b818287ad3eb29
  SHA256  2d76f86e1867fcc06413570c1cb4167b59eacb1a2e66fe9e59b7e0495647061b
  SHA512  827ed21d97524ce161c46b16857b35f1218a6afaaceda2393e3dfc031170dbd1217a1724b20ac62e93bc126f4220fc5dde9f0a97d44480520ec6268a63fcc064

Filesize 1KB
  MD5     811ce2c3f7aa8b7e380a1a44f6bf9339
  SHA1    efdc585ebdf4ad9c67d1c00e8484c9e307ea195d
  SHA256  3dfd56750f8b5b93d09c0bb12d43fae8b2e71a0fdc2c5a3775cb4eaf66bb865b
  SHA512  a3a505e5c21e4cee5842d0b5b8e58108c7daf05aee93dec298b72dd75a8f86d43634ae03de55912e29224e8cf730b3b141d5f5e777beca213f3dda2158ab1dde

Filesize 6KB
  MD5     ae46f4b46d6f57a694ec5717daa25553
  SHA1    1ca943fce026ed391fe3928025b8f4bc8944c808
  SHA256  3a12080f72c3c761658df3884162543a0777e9714fb47377b8853082a3be3782
  SHA512  0fe4087eaacd70637f2a8bc940eb8101dca5dfc3cd97dc7598a61f979b3c2d4cf2d0e8f66e5da51073cc41d7fd2b9f56a3928e0b6e14f417fb5e8715ea1e5736

Filesize 7KB
  MD5     101cd6d1b5547f3bd42f6ebab277c6fc
  SHA1    5eee22f65613a36259a9e19cbbd2dd8b655cc185
  SHA256  4bd52503ff9483eae2babe8551f26aac3d01dfe1b81fb3f059f0dd15af174827
  SHA512  aad3c2f4ac18976e988963215714fd7e7f8e926bad62cc0f322c91f582e0290babe6e87de968e410577b1bb16826b1911d873819e46a972c80ab4f42cf136c1d

Filesize 7KB
  MD5     49822a072fe36b82b1f6e2797dd0e85c
  SHA1    36a6ec8a1dcd57c918b34718e44d17b894cd6603
  SHA256  e930ae449532c66b3b14bed375549c5f0a1f325e675a1fbc756e482ade6f006a
  SHA512  e10bf038690c07cf00885978bdbb98ac763163d6827307482b5e884ca0b4dbdb09e94f56f2f445748ef3e5c369cbb40cd8785defd2c11a8a80ba8a46665c743e

Filesize 8KB
  MD5     be51432947ee79cd0d75dcea768fb7e4
  SHA1    f8c336ef7388f9828920be7ee09d0e4cc4e40a76
  SHA256  37ea82c635d57f0cd58fe76e5caca7bbc7912a821cdcf7303511393e842ea5b9
  SHA512  4e09f18686c86ee69b6c57075f7b42bf89ac0ea80f022a21e71e07f404c10dd582ab482712af4f8fff39fbe28c70d03eceb87e5ca54548dd751508149a80a0d5

Filesize 371B
  MD5     1032fe06d6399acff6b62bffec01e2e0
  SHA1    97741762297996871c5c333f4eb45931a981f628
  SHA256  234ed4d74dbc5ae0f077d899ceddd7f1d9c3a8edee3da91b41109d4ce24110d7
  SHA512  86aa57d0fb35c4372fac1132bc27aba412c29e80a697b5087334d8e76bb4d1dd27893bf71c9290c03cfc06f9d22685efd109a56b748b87ae877830031139fd01

Filesize 204B
  MD5     8122064d787f9733d2262d2168eaf75b
  SHA1    3454325487011befdbd612ca7a53a452959eac74
  SHA256  e8f948a26be8a9aa667f2f867449ed5e65adfc870b2300c4abda33a02be5fb0f
  SHA512  77da3673bb92167faa82e6599b174c34ce647f4c8440611f1bd17c0dc9eed17d110c8c8a43e2cce225700952ed7aa7fc72d4ab2203d3ff7071738c74d9e6768e

Filesize 16B
  MD5     6752a1d65b201c13b62ea44016eb221f
  SHA1    58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize 10KB
  MD5     5d84c8b02db8c90771e77e18f1cd636f
  SHA1    4eded3641eca60292cc0c6920ff10b7bd5b9c5af
  SHA256  ca1a67a55691e598e0939f93ec59d9fb7c7c30ea945eed4cfe3ddbf2b7382df9
  SHA512  2819a29a5b3b84053fcb7a63f32131cd81c34d04d78427b3714774b8b4c9153a4f60af6105b6adb59df0879166883876ed6d9330044148d8894b02c74d06adee

Filesize 11KB
  MD5     28b33ad2a2133b9f55a9ea6b91effb87
  SHA1    f2bdcdf8e1dac5ad2478b5463ce63e205c6ab181
  SHA256  8851cf4d860d3702e681c20d84c2b5086de3a74da486888379b738e37a8bbe6c
  SHA512  1769b602444a6996289e61f8bd8bed998b5efaedab5800053fbcfb3a926d95fe8dfbd92b783a9740ba8f92aa17fe5d5abeab205186bc915acec4aebb0bbb99ee

Filesize 2.3MB
  MD5     8ad8b6593c91d7960dad476d6d4af34f
  SHA1    0a95f110c8264cde7768a3fd76db5687fda830ea
  SHA256  43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab
  SHA512  09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686