Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 21-08-2024 21:44
Static task: static1

Behavioral tasks (all run on resource win11-20240802-en):
- behavioral1: TrianityRelease/CeleryInject.exe
- behavioral2: TrianityRelease/TrianityRelease.exe
- behavioral3: TrianityRelease/TrianityRelease.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
- behavioral4: TrianityRelease/bin/Editor/.git/hooks/applypatch-msg.sample
- behavioral5: TrianityRelease/bin/Editor/.git/hooks/commit-msg.sample
- behavioral6: TrianityRelease/bin/Editor/.git/hooks/fsmonitor-watchman.sample
- behavioral7: TrianityRelease/bin/Editor/.git/hooks/post-update.sample
- behavioral8: TrianityRelease/bin/Editor/.git/hooks/pre-applypatch.sample
- behavioral9: TrianityRelease/bin/Editor/.git/hooks/pre-commit.sample
- behavioral10: TrianityRelease/bin/Editor/.git/hooks/pre-merge-commit.sample
- behavioral11: TrianityRelease/bin/Editor/.git/hooks/pre-push.sample
- behavioral12: TrianityRelease/bin/Editor/.git/hooks/pre-rebase.sample
- behavioral13: TrianityRelease/bin/Editor/.git/hooks/pre-receive.sample
- behavioral14: TrianityRelease/bin/Editor/.git/hooks/prepare-commit-msg.sample
- behavioral15: TrianityRelease/bin/Editor/.git/hooks/update.sample
- behavioral16: TrianityRelease/bin/Editor/index.html
- behavioral17: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/abap/abap.js
- behavioral18: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/azcli/azcli.js
- behavioral19: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/bat/bat.js
- behavioral20: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/cameligo/cameligo.js
- behavioral21: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/clojure/clojure.js
- behavioral22: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/cpp/cpp.js
- behavioral23: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/csharp/csharp.js
- behavioral24: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/csp/csp.js
- behavioral25: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/dart/dart.js
- behavioral26: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/dockerfile/dockerfile.js
- behavioral27: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/ecl/ecl.js
- behavioral28: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/fsharp/fsharp.js
- behavioral29: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/go/go.js
- behavioral30: TrianityRelease/bin/Editor/package/dev/vs/basic-languages/graphql/graphql.js
General
- Target: TrianityRelease/TrianityRelease.exe
- Size: 18KB
- MD5: c48f4c9c7241554599b65b20f2b09861
- SHA1: 7a8c04746b82c3af21e280bb708970e2d41a31e9
- SHA256: 9a64be465aec45989cd84d8950737ef24eb356e7639f1d9ad2627552ddcfaad6
- SHA512: b7ce13d5e5f43eae2dda7b3bb4daa76d8c0dcdf3f8430f45f8ce6c9875c19079ef0d1b510965b4b800d2641a0ccbf2eed571a978b40a3236887baf57f39bfa79
- SSDEEP: 384:5sSJTl6fXeetEH2eg9Exwd5lps41+qBpELBZSdB7EmbaXTEO/8z11VN2kvwKwq6C:uPEWeg93lpaLBeBwXn851b9F
Malware Config

Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes:
  - TrianityRelease.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 6 IoCs)
  Adversaries may check for Internet connectivity on compromised systems.
  Processes:
  - msedgewebview2.exe, PIDs 3132, 2220, 4928, 3844, 4908, 2604
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  - msedgewebview2.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedgewebview2.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - msedgewebview2.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes:
  - msedgewebview2.exe, PID 244 (2 events), PID 4908 (2 events), PID 3132 (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoC)
  Processes:
  - msedgewebview2.exe, PID 1124
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  - TrianityRelease.exe, PID 3668: Token: SeDebugPrivilege
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes:
  - msedgewebview2.exe, PID 1124
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (64 write events in total, collapsed here to the distinct source -> target pairs the report lists):
  - PID 3668 TrianityRelease.exe wrote to memory of PID 1124 msedgewebview2.exe
  - PID 1124 msedgewebview2.exe wrote to memory of PID 1540 msedgewebview2.exe
  - PID 1124 msedgewebview2.exe wrote to memory of PID 2220 msedgewebview2.exe
  - PID 1124 msedgewebview2.exe wrote to memory of PID 244 msedgewebview2.exe
  - PID 1124 msedgewebview2.exe wrote to memory of PID 4928 msedgewebview2.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe (PID 3668)
  Command line: "C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe"
  Signatures: System Location Discovery: System Language Discovery; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 1124, WebView2 browser process)
    Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3668.3052.6355418454912594873
    Signatures: Enumerates system info in registry; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 1540, crashpad-handler)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffab1fd3cb8,0x7ffab1fd3cc8,0x7ffab1fd3cd8
      Signatures: none
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 2220, gpu-process)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
      Signatures: System Network Configuration Discovery: Internet Connection Discovery
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 244, utility: network.mojom.NetworkService)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2064 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 4928, utility: storage.mojom.StorageService)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2484 /prefetch:8
      Signatures: System Network Configuration Discovery: Internet Connection Discovery
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 3844, renderer)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
      Signatures: System Network Configuration Discovery: Internet Connection Discovery
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 4908, utility: chrome.mojom.UtilWin)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3896 /prefetch:8
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 2604, utility: unzip.mojom.Unzipper)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4568 /prefetch:8
      Signatures: System Network Configuration Discovery: Internet Connection Discovery
    - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe (PID 3132, gpu-process, software GL)
      Command line: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,7784042714693908750,12398103475084495167,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\TrianityRelease\TrianityRelease.exe.WebView2\EBWebView" --webview-exe-name=TrianityRelease.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5004 /prefetch:2
      Signatures: System Network Configuration Discovery: Internet Connection Discovery; Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4944)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Signatures: none
- C:\Windows\System32\CompPkgSrv.exe (PID 1640)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Signatures: none
Network
MITRE ATT&CK Enterprise v15
Downloads