Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

8

Resubmissions

11/08/2024, 18:12

240811-wtfr3a1dkj 10

11/08/2024, 18:09

240811-wrnpws1cml 8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/folder/v6itahr4p07b1/Files

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/v6itahr4p07b1/Files
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa62ab46f8,0x7ffa62ab4708,0x7ffa62ab4718
      2⤵
        PID:3684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:864
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1824
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
          2⤵
            PID:976
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
            2⤵
              PID:5052
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:408
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
                2⤵
                  PID:3880
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                  2⤵
                    PID:4848
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                    2⤵
                      PID:2632
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                      2⤵
                        PID:1404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                        2⤵
                          PID:4088
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
                          2⤵
                            PID:2920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                            2⤵
                              PID:4260
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
                              2⤵
                                PID:5192
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6564 /prefetch:8
                                2⤵
                                  PID:5448
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
                                  2⤵
                                    PID:5456
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
                                    2⤵
                                      PID:5788
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5944
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                      2⤵
                                        PID:2628
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
                                        2⤵
                                          PID:4492
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                                          2⤵
                                            PID:4376
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                                            2⤵
                                              PID:1936
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                                              2⤵
                                                PID:1364
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                                2⤵
                                                  PID:6140
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
                                                  2⤵
                                                    PID:2964
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2080 /prefetch:8
                                                    2⤵
                                                      PID:5592
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1992 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5588
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
                                                      2⤵
                                                        PID:5712
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
                                                        2⤵
                                                          PID:5732
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
                                                          2⤵
                                                            PID:4268
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
                                                            2⤵
                                                              PID:3456
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
                                                              2⤵
                                                                PID:5444
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
                                                                2⤵
                                                                  PID:4496
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
                                                                  2⤵
                                                                    PID:5404
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
                                                                    2⤵
                                                                      PID:5428
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7496 /prefetch:8
                                                                      2⤵
                                                                        PID:4928
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5572
                                                                      • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                        "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:4312
                                                                      • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                        "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:3860
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7888 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5412
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17416617376654577901,11345078542793283357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3260
                                                                      • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                        "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2120
                                                                      • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                        "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:4520
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:1888
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:5020
                                                                        • C:\Windows\system32\werfault.exe
                                                                          werfault.exe /h /shared Global\316b74db938c4466bf0972dd81077e72 /t 4048 /p 3860
                                                                          1⤵
                                                                            PID:3188

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            ab8ce148cb7d44f709fb1c460d03e1b0

                                                                            SHA1

                                                                            44d15744015155f3e74580c93317e12d2cc0f859

                                                                            SHA256

                                                                            014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                                                            SHA512

                                                                            f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            38f59a47b777f2fc52088e96ffb2baaf

                                                                            SHA1

                                                                            267224482588b41a96d813f6d9e9d924867062db

                                                                            SHA256

                                                                            13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                                                            SHA512

                                                                            4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
                                                                            Filesize

                                                                            33KB

                                                                            MD5

                                                                            1aca735014a6bb648f468ee476680d5b

                                                                            SHA1

                                                                            6d28e3ae6e42784769199948211e3aa0806fa62c

                                                                            SHA256

                                                                            e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

                                                                            SHA512

                                                                            808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                            SHA1

                                                                            eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                            SHA256

                                                                            e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                            SHA512

                                                                            37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            044d6d46c293381617c6cb1113fb1ae8

                                                                            SHA1

                                                                            69814e22aa339ac5ce7dafff9d02dea490658eb0

                                                                            SHA256

                                                                            59c70e369cb980a82ea6e63078948ef6d43571df0fc713a9362e97e8c7df6e5a

                                                                            SHA512

                                                                            7e1ddc6a7b8168255b03178f6470c490d8500425960c1f338b90308194fe4252a41cc612b4d53935354aaabcfaf5df3523b801ea39e3018b1d9b7e8c155e3302

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            5062a09d5ec5833324d01247c2ed8f5c

                                                                            SHA1

                                                                            fee00eb7020aef5d4cd813b00eb8b1cde1989bac

                                                                            SHA256

                                                                            bf7a36d63081f6bb614b8a690e1dddfe7eb669788d5ebbceb7b8e973e7227a49

                                                                            SHA512

                                                                            b3b24d32eeb02df639d8f40636bdb6f80d4a4da92df06a7614eccb0203eb0c3d8b3a5d50c209f65942ca1890307aa852a22bfeb6b4cb403d7504f25de9ac1574

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            c930607c59da32f9bd339909c44dd1b2

                                                                            SHA1

                                                                            e69ee930f6786a4e13ee108d0e0696593e0bc328

                                                                            SHA256

                                                                            a5b6623810570c2c7b62fce91800615b52143acc8618a632cbcdcebbc5f78900

                                                                            SHA512

                                                                            e0dc3faca21fb02f3afe0639a0d2f679a2e2da1c0648d09cacb9a8272fcfaed65eabbe7c7b42dd03b9fb82075149bb9745dd8d83244db25f9083f9e858a920f8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            b1fc9baf8941602cb8517cfdd8b32eb2

                                                                            SHA1

                                                                            6190007c58291bf16195f4bfbc06e6f3adcff724

                                                                            SHA256

                                                                            c4dc78a747a41efde8b303d6b074c2f6308b844c05183e2f18d87342ba78c19e

                                                                            SHA512

                                                                            2b0243c480d4af7ffe992a0285122292cd2ea053173c65d6aa5e412b0dc3c3c7026ca254ea4425065a182ddff0fa210e41d6325173e563bc8ed035618b3c0eea

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            805de86dee826aa6bcdd42ea235c8bbc

                                                                            SHA1

                                                                            de7bfb8158bfe108d79452ad39b18a78f2af2ae9

                                                                            SHA256

                                                                            189862bdc656e521c56a7b3f640aad0cba89ee785de6c8c1defb4435dd2d7a4c

                                                                            SHA512

                                                                            da4dfba82246e3b495f3c279477db72559d1ed2d54919610a6c4efcba47b510b2cf3d22959030411b33472811419a3bde071c1e66f09a0b3ff6e46cb6a3872d1

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            2bf2bd7fa7c01a2265b84cb24810cac6

                                                                            SHA1

                                                                            b1e95e0a3fbd5edfe5ed63f3a9c2d2e42e0f813c

                                                                            SHA256

                                                                            ee0c862809d3c4f40e4f3beff17ae34fad4636d51c6e55eb6551b7cf7c702855

                                                                            SHA512

                                                                            3b19ab03d84e82484f34d4c4a8a1c21b8315ac1bd274ba40e10d3740ebe7abc5894af484994f0edbd58dec275afd26ce2090866b47a1421b62e07bb90b25fe98

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            12KB

                                                                            MD5

                                                                            eb97e78cb0d59ad4c8ffe8dc9d4ee5ab

                                                                            SHA1

                                                                            aca99387b071304e666465d4bc67f891423d8634

                                                                            SHA256

                                                                            afa23a0108df7e879d651a33590b5fea2285a416efe4b09df22730cd0e56c0b4

                                                                            SHA512

                                                                            7dad04c209d8339d9749849771fcc2727e67be709048970f8ea429e667c459810f8d346f0bd5f2c480fc1c1ad146f76349596dd8937e64f795af0d3f4ce46adf

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            901567467bca60055f6274022463922e

                                                                            SHA1

                                                                            d8cc8e5a0a1ae7d4d509a80139af0f1b601132f8

                                                                            SHA256

                                                                            0252af8f1a99ddee63129a1fd452af9eb5504458c06467cbd21e446ae491898c

                                                                            SHA512

                                                                            a3d50492a775d02c2fd87c955c5dd5f564a77db8e1fd2d64a207b9c33caa89549f12349a896f31d6165671acb58388fdf083cea3c525a0cf2057faa9c7d1b605

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            5dd74f075043bde61f40c67b18ae3e83

                                                                            SHA1

                                                                            cb722f1e6aeea3c6619d98f0ae585db68c490698

                                                                            SHA256

                                                                            b829d27a44e23176a40f31050c74caf7a5a54b6a37a13664b8399fc3e51902a2

                                                                            SHA512

                                                                            831d6657feabdcfef6581bb1ad980d334e029343279e5019620117c8f93f15816562bcd12231c846b17e54e0d56ffe2327f87293c5e08f0190dfca38aa2a205d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            33295f1551985785ba4db8f1b73a358a

                                                                            SHA1

                                                                            2862d9b21e11a123dce4e124088df1bbf592cab3

                                                                            SHA256

                                                                            3ea023a73d7bfc142e5f45d05bd5b98de704a5b9324b825b49b7681755b11f5f

                                                                            SHA512

                                                                            f9386f0fb5ad311803c6628b731220dc615adba5b8d5f5d3a1b75d9b8bb89ada3521e7e2296b0aa5af93955c1f8d3231ef5e43442742d332b169122880f150a0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dee6.TMP
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            bfb3fa6ceee1b9376ecff3e144a97a21

                                                                            SHA1

                                                                            a0d344a613c67fb2c63591c8e1ddfb2564ec6059

                                                                            SHA256

                                                                            7f736724b18c88703a345a4131f2011aef24a819e43cae878bbf18705d07d4ae

                                                                            SHA512

                                                                            fb047f367aaadb13063d19b843b86a0578d688e35f528d99ca07343f8b9ba7c731682a26bcccf3937b82f4f85b0d5332385ffb6d2fd9057dc7645b8a46102408

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                            SHA1

                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                            SHA256

                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                            SHA512

                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            d5a1cb6da9934186f1b29eaca48dbbe2

                                                                            SHA1

                                                                            94fc4a6043ad12163537f5e6501271da6ca90ebe

                                                                            SHA256

                                                                            63659b092d9b1c6d50f645f06d26ff0aae93081bbfc713af7970e4df49a444a8

                                                                            SHA512

                                                                            02cf68b1d384ccb1ab66f13807e70d0865b31a86cb989309da6de3b5bdbd7ae4d3765a4c9b902b8c39715b4f2447f1675a346b5466b03904633420220177e88e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b0577df8-4bca-4265-ad36-5ee81b8a6c3d.tmp
                                                                            Filesize

                                                                            12KB

                                                                            MD5

                                                                            797bbc2d4ad4b6de3a72e3d87647a604

                                                                            SHA1

                                                                            c5b8625a0ced90d93f3e08324c8e87c4bf4eed6c

                                                                            SHA256

                                                                            5dd441d8d7f92a77f8c692cd13be9804982993db78f8c56522a4d77690b0c3c5

                                                                            SHA512

                                                                            b5a118dc823b8c6f4dd2a10b6c1849e19d4567b782459e6db390358ad588ee8ccb1bdccf91cc7487cf80ae51bc886824a586c0e5a6822abad821d9c392d699fe

                                                                            Download Submit

                                                                          • C:\Users\Admin\Downloads\Unconfirmed 9495.crdownload
                                                                            Filesize

                                                                            3.8MB

                                                                            MD5

                                                                            46c17c999744470b689331f41eab7df1

                                                                            SHA1

                                                                            b8a63127df6a87d333061c622220d6d70ed80f7c

                                                                            SHA256

                                                                            c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

                                                                            SHA512

                                                                            4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

                                                                            Download Submit