Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
21/08/2024, 19:45
240821-ygpwbaxbkc 6Analysis
-
max time kernel
964s -
max time network
968s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 19:45
General
-
Target
njRAT0.7dFixedStealer (1).msi
-
Size
3.2MB
-
MD5
5d74155c3195e27633e1609d45b1ce07
-
SHA1
e1ea143d17a1700867bf1baea72a442109f27504
-
SHA256
5f1b04e4a9cf5e1e3f3e11a4ff712702a102c93be276dd5da9c6927c4808575a
-
SHA512
1d75aa24a3c9e161c36422aa543bbb60491ef5a8f497aee2fb29cb692170b6745b054dcd2ee8f881c68d182db033c04842fe2f1484385870488738d108145c36
-
SSDEEP
49152:+qf/c/f9r84jEHYDgE5e7vxP5Ferq7I5RJK5k1jcB6jWH5XzatCJkH105fASGdvi:tVHYDgpNxFecIC2H16l
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 17 IoCs
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 8 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 7 IoCs
-
Modifies registry class 23 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\njRAT0.7dFixedStealer (1).msi"1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 30D762B95C0F2B24BB2870D5BDF999A82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1199B24A50021DD8FDE49EF0E1088BB2 E Global\MSI00002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Installer\MSIB58E.tmp"C:\Windows\Installer\MSIB58E.tmp" https://seekspot.io/tyy2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://seekspot.io/tyy3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7fff418646f8,0x7fff41864708,0x7fff418647184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6180 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1272 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1916994212122638846,12130550265083698648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:14⤵
-
-
-
-
C:\Windows\SysWOW64\CreatePolicyRegistries.exeC:\Windows\SysWOW64\CreatePolicyRegistries.exe1⤵
- Drops file in System32 directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\SysWOW64\CreatePolicyRegistries.exeC:\Windows\SysWOW64\CreatePolicyRegistries.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\CreatePolicyRegistries.exeC:\Windows\SysWOW64\CreatePolicyRegistries.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\CreatePolicyRegistries.exeC:\Windows\SysWOW64\CreatePolicyRegistries.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
225KB
MD5556c824c2bf2c901a447a5f7797fb3f3
SHA1c660e24afce97da9aaadb3e4253dfb895034e990
SHA256f0ffab37c839377f0b73ae9543afec5cbcfedf67bfbfa967a938765e55714f3b
SHA5125b1d9b0f3a074240d634dfcfdfe21376763a7848ee976097ef1724578e4594b446836d2b41a7405b99e3f97a7ccb10c9ced0b85f4d050584e586425f611428ef
-
Filesize
727B
MD5cc382282d473a2bbf5b14c8859fbb6f0
SHA1b0f3353d22836a294dd8870f085e1e3727dc0019
SHA25646b4f2f006f967152f5008eda5d080cc28728103bb2b774004cc3ba7e1df6432
SHA5123f917675b31ea7383775c9a6deed3756e4c16d50e43949cd9160e3e9b6a986fc15bd53b78654755e40d0ede673eb8b006c50f7dcdab337bf2d72d82e9155b3d2
-
Filesize
727B
MD57a3b8457313a521e0d44f91765a4e041
SHA14ea8ecb5e7b4c11f4c491caf6cee7ced5ec4c267
SHA2562b08ecf53bb8b6c430659926148f896102dc80b5f38b0ec5efe122199659651c
SHA5127349fd1b8c490d540a8bb25f40587f9874ff5d9b1f9bdb2ea69db9218ebdbdccea5e4d6645fbd1098d051b008b1ebfd12a619c3a4d6fb54940705ab14933e159
-
Filesize
482B
MD5c6e47890dacbf0fefb16fcf679049582
SHA18db452721d6eb1e676cd60048581141a8ba7c211
SHA25646babd3073db5433c5ab658ba964c5c92bf721f76c7aeeaa40cd104f6dba6e23
SHA5128c991d568ef6c8e148062b664617cf2157967ec6dc5e03be29eb465d9c32f7aec1b2077b8b6c899a7ab34cfac471506273e400db652263d8e6c8f1f9e88ab9be
-
Filesize
478B
MD5f3cf36fdefe8c5ad202722594031d88f
SHA195309bb60cd72f78ab58f32b03c2d8511262e969
SHA256fe07e3389fe91dff0d3d6a260f70142f35dcaadecb97f61c286ff9f42d3f2681
SHA5129b1995062c5aaf7cc548cdc2e5b63f6755c10af49a805b0510475ae44b4d274bec7bb1cdacf05d875fd8e98c0372aa73e20ee19360ebdcdb418fae8acc375e1f
-
Filesize
152B
MD5719923124ee00fb57378e0ebcbe894f7
SHA1cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
-
Filesize
152B
MD5d7114a6cd851f9bf56cf771c37d664a2
SHA1769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA51233bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
-
Filesize
72KB
MD508a7eb40b82572e13873fa1d70e8b101
SHA1e26b02b9621c4e684378d06ae041f7c941634ec8
SHA2565cff81eb2b5d853688e90aaac32fb6c765c538a4e72f032bcdbfb8d53a2edd36
SHA5122828160bcb13d1ae472bfd066dfe8fdc5e643d918561b9fc45bedc96c6521b5a9b4202bf9865a5b83d71fbc60d8271671212f59e276943d01c57c7dfe08dc36b
-
Filesize
50KB
MD50789c37c8b924c85a311dafedd0e9ad8
SHA149dce4779058aa0ed4bc56d5e803b43134643aaa
SHA25661b1d5944e376537eae7f3e96790fb3b48f6f056dda50f2fcb36146ed15b7df8
SHA51274b02efef71b60a9a98916dece1fe2887933d4f1404c15c3ef7ab8a9b23d0d16b16743d765bce85b7d0edf22d3cb1f88745aa209beda10477eaa545a704d4527
-
Filesize
95KB
MD5dc51b256d2198a0148c0396ebcae55cf
SHA14ee9171d752ed44d0f7290e1d026ff05d72d2913
SHA256d1010684ded60881b40f4a79e16e6b9209e6d1f79525673d24c3db3370bb0966
SHA512268c0bf59db4d0f180f743a03800ec55db2e56174dfddd3f94d45e408d1625963658029689e3d5976f88737894a49007a14481d597464eb4fa611506a57155f2
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
141KB
MD5c5065518c6a5d365ff05c6f4d5eba647
SHA1e6b5f8ab6bf5453d164b1ae589b88e4d78d75e28
SHA256a8a2227fdee378645e731d0717a24b4087c31056f1506e143eb054085eb6f126
SHA5126e29e36512d3c78054d1b8976756b26ea18cde07a601ff957d48f26993637c066bd95919b07406ad2c0af055eb08ee19da2075bbdfbfeddda10a00a4450eb8ee
-
Filesize
20KB
MD5dd62255c6e72b80ce88a440481d3d22f
SHA117758b8673c033ecf7c194e5d1190bbf9516c825
SHA25616921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249
SHA51219cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76
-
Filesize
312B
MD54ce7dd2f7af32e0ffec7d150507bf926
SHA146a810151628a999f6a1738ff0d604e825cfe7cd
SHA2569cfbbdae0f45c4bea9c9823086a196c948367bc55d0effef0150adc5d548c985
SHA5124b7c3b6b8e4bf4c872b89793d3e33871c1d7667dabfcf9912cdb8ced5238c433a325ce9359b02b31ddcbf014f7c67e7f155ead971f6faf09be70fa4a1a83e68b
-
Filesize
288B
MD5afb1b516ac81e46ab000f6a7545dd6e4
SHA1a2b1f8558338ed9c832761c438df29529f1e0334
SHA2565fe3393c1b5974a87b2fbe60e080d63853aac08bb91f7b9925f2406a573d5394
SHA512576916ebcce072a47e169805c10c688436fb99a74da2ea3f0f95e9f6d9215e7742081b18cd99cb9aef32bd9a9fb92bb0a2a0c347a158d7287543cec4654e9e21
-
Filesize
72B
MD52266244df8e763b1de283761372ac672
SHA11d7bbf95b72a167bca6bcd3a6c72429dc5f745ee
SHA2563f5a0dc39718dc23f67ceacb6b35836195bf5300dc0ca2285c3ad94a2f3e22cc
SHA512720a47018670af8c50211f08b2db50bd476bf73988936aebc6bcdbe48194176332c86b9baecb94fb2a4c1ea6e5b1d5bfc615b0bc7ddbf8e5ad827df1d2202472
-
Filesize
432B
MD5f90da53d5c45e6d06c5e7c4a77aac2b4
SHA176068c1ca368d7ea1327d5cf726bf651056295d5
SHA2563ebdb8f40ba88f2ebfc19545fd956297c6932c8eb00159ff3235f29378ccd853
SHA51291d47799a235c521a03b77a4dfdc5213db6f631c12fb469df9cf43847e6c2459a103429d9455d40cc6fee4dddd2fb789d15092254ef3105ec60c1123a08eb4c1
-
Filesize
432B
MD5c96933f2d095f5bb101820179dd66eb9
SHA1b74db20774a85b4aaa2840e0658c424f3046a6a0
SHA256bdbe8aa56f02de604e2a4c90a78220c385e8f45236dc21890e88c1071ffbb0ba
SHA512d1291073bd87bd58d776ed3b0b085460aae1ee3573900c54ad77975d424c3389bd4bc69a6f7899165d61059f0e5c300b777ba0105911574932cde40f57cbe6d3
-
Filesize
3KB
MD5e6d67a95a595fb984c2a81e329a51c91
SHA108ac1ed0db50472ab75012a3b3b3d02200b548e2
SHA256acc0a77359f56a6f3220bad6222d521cc80fc4801657dabae69b2613dde89fb7
SHA512082e9e03a4c4fc3e4d1dbd4fa7945b547ccece4ea407a323ac690ae02dfb7214bb22b9f9d336e8e49af9cc47f6a9fc8c92a93177d72d06094470136dfb41dd41
-
Filesize
3KB
MD558f6dce71b2193af58809240402c06b3
SHA1bf1b75a04c87f24abf833c4cc8b72a08b7861042
SHA256924fed0d1a8790298db4d4b50df7cb946c26d1d575c08a9d0b9ec0a39ef94f4b
SHA5125461268475a9f71954087e29b27867141dce0af28de10f6696cc1031b5cec0322a93a2332c8557495ef0eddfe68b89bf57195703181abd4d659bdb9fb980c7bc
-
Filesize
3KB
MD59f5637ab3bec31d0ad85caa62e7d0fae
SHA1b27245fe072aad7370076e23852a587059fa3f96
SHA256f00c08760efbe4a89e58503b613912a24594ef01d4d1e7cd2522eb59a40537d9
SHA512c3d0597c92ae6389209b85d35c8358c1064722bc660bca34f37c4ca78ab91542ec1d03918ee515229160580d7ee7c0cf3c326c4c48af0caa7ef91e504121521b
-
Filesize
387B
MD531ef72e6a172ec4481a030dfa0e840fc
SHA1f2d54fe0c7a489260722de64e2c1e8c15333fa28
SHA256c67f038c764222b3a8ae65789fe0823c594f435531ea3b38e697ed2fc6565d13
SHA51260ba3b9deef9d81df2dc2c775450b6487d939838ef210c56ea5448938059419a7eb0259e911e467d388033e9658feb8dfc5e78cd72a869b3681d4f8f7dd840e7
-
Filesize
317B
MD50fe6a36704286fa053c8be4385d7e0cf
SHA14c88046cb53497b0cbba9b197a621dc5962d60ba
SHA256698039da2a84982448f1167efdd0c247c70995d28d6f542bbd49fe0c87ade213
SHA512958aa8edb88f11c89582215d42e03dfe73a2e7cc37684be9b8d0ce2cf06278fd749197a9144ba7a384fe365a00db4537c5016635d8adf538bdbe04bbc5e4cbfc
-
Filesize
5KB
MD5e2ae2a7b9310fcd7a7555595ed39a42d
SHA1ba087ce5d7d90ec7b82de0e55952a058b9ddf066
SHA25670d4e2ea72a677b25047fe23e681b5596f8e0d00e98fe78a28011ad24061fe6c
SHA51218203cec0b974e4cffdadfd793ea0f31713c38a6f4a6c30be2333be406a6d45b54bb8c153e81321290524cb7c19708cfff160c2c4bb7dbaf482faf6ccd4d7668
-
Filesize
8KB
MD57f77ef74452e1624468629ad9dfaef33
SHA1084cd1f19d75049983b64807df0ce2b7eb3e4722
SHA256d9319d24107faa9965292bb9043fbcb79855a892d67697cfa61f3d7181360804
SHA512dafed9a5969152cf67f1eb43c39008a20d28d4dab3d760dcd79cf1ec8fcc70da760edc2236931e700cb206fbede3af3bfaa24a9281e85be72330bf265f341708
-
Filesize
6KB
MD5790961aad90ab643d2f2d48601a9f67a
SHA1c88f78a1102948891537cd30e8411813b2234bed
SHA256a80e6775f171a54b87a244073292d71483f86b1d354272e13386cf99c92f00e9
SHA512db0c5f06ef5e69de77b35f3a7bcd81f67e4c5c0b72413a75bd21f2f4596bf10370f52683a3e3b8bc63c703a369ffdffe0b136a7ebc4c20f3667ace24cb073ef2
-
Filesize
8KB
MD5cc2572dfabf68ee64a2bcbe1fd14cf44
SHA1d28692c507019b7c4f806410d47c1983857fe476
SHA256adf42ee14d91f704326d825b924a0b4a667c86f3774ac156906d34a79cff087a
SHA512628095e72b99f092cb22a381e8256e9f68d0e917046fa8f24bffc0d5dc2b49b9ceba547464c0aeb2bc5256d7c0f2997fb625a6067cc58b60e98ea2909d16efb1
-
Filesize
7KB
MD57e84b6ce9ff5f6e8e017528fae8a71be
SHA19a9abb43076fc4ee44ddb0c245d3c114db80b337
SHA256fa900b2b0e939b4808ceda336e66f472ece201fcdb7e4198e328851e3f54f550
SHA51212497fe1417e9a247324985b661641d7cb7b35fc9a2c0ab121aa7536464bdde76305e0ca74e3a5d044cc359c54d957ec6768ab21233ffa0f9c078fe222fb6852
-
Filesize
8KB
MD5768c682231af1a6d03fe78d1044aeb52
SHA12a6750c1fd5cc0021d3342df12f61b3c91e2f8b5
SHA25639c98349b62e88cc7729ce4004a7ba06009a2ce24ce9ea8e0347b98b4acd7833
SHA51265994f2dddc206f3ffd918b78270fa0d759589af4259907f881f99918fbbe44f15bb2ad8ce8c4b7811ad7b28afd3033913d576d497f6b531735752fe63e1f504
-
Filesize
6KB
MD5adf133a70d9a0242bb0d1eb2effd78d1
SHA155b8a386b6332866ac72f6bff24db250af7cd3fc
SHA2560c0f0ba957aa0e0e2734bf631fe815bb3902265c7830646a1e63f8d4a16674b1
SHA512460b4124014d6e0643837204ffd115186db2e477ab1247113d446e250681b87975557fae02ffce3989b629142a1a2e19e0a22db5c4219a4037bc9e7069ca78a0
-
Filesize
1KB
MD5f7f1274e4e314efc8439305dd2943b3e
SHA17bb18c1b72f61711127854bf116f59d8039eed82
SHA2566a5fb041a5a89967239a23fa070ebfcabdf772408d54acdf822ec74e6c87b2f3
SHA512e611da1201584fbba1ee66c570eb963e71569febe0378da186bf60e46eeca685326b9e8f23bd368273511ca50783135cb98f5050b7c385631335a33bf9f3a9cd
-
Filesize
1KB
MD541e34a2989a97eff1a5fe7bfd65b0335
SHA100f438b5c7568061a07fc520738813f09f07cc5d
SHA2561d428267425c36c5494edb8d5aa3658523b87411d10f00eea2bc48d9dd3c7ceb
SHA512b150e1767dbc5ff4cc07dc28259d3addc1a38472deb03ef75b104390a625af99031c03539ecdef1c56af587ff74d6f9ff04621527cd20a4d0331c4eb39ec6ac9
-
Filesize
1KB
MD541e6711df7b6715b48231fa410e3304a
SHA1c16eac689da525f2ca8bf190b4a3c5ac6c67598b
SHA2564632787c354d8a98a8b02b50eb068d3b520ee9c7adc214940db81464ad3d57c9
SHA512f84c5f4687acab1b2f3b00c963913208552a7d16ddff973b44d817c9a8174ce36a9884db9a4b4783adcbbed1cc6a48c6fafe33bd4b0349dd26a4eb9b24ada92e
-
Filesize
1KB
MD5b2ff78603659759e8b4469151ca6acec
SHA12ec8601c1fa620bb116c7a3a89e8bfd666192bc4
SHA2565effcafa1726e015841deb0a3c12ac039ebccbc7de35a1e981017a43bce44925
SHA5125b61323b466f7e4ab155915ffcd7f512250b752efdbc9968463cea064a3bf435fc852c3d4e0b00e55172fea1892ee91e4d5b4669a70315af199252a0b01fa1e7
-
Filesize
874B
MD59f34a7554a172386144d7fe133228103
SHA10fe866b1f0093d4871d1db220efd022e017a89f1
SHA256181dda49c947e7dc4141743b11a17a64c3d57885c1987b5db16b7b44f4c74b5d
SHA512233db979952b7d26c6939164bd3661981ee9f9f997e1fe7c711bc5bade7c8d6e31ab5e8795d1fb84f32620faedaafdbe71ab3db92b6d793e0254efa8af465e6a
-
Filesize
8KB
MD52be00a93769bc06773f9459c38e8b664
SHA1c5d551a222e375be1be11921abd2b47c35ea0499
SHA2562d79f39bf4313094354e22e3c4aa643894ef968fb58d7882335cc6a0ac28d290
SHA5126732a2f7d447952bc59e94bc3816834a4a0986b7fafddb85df6bdee01680ffb7d1ea4bfcbd40988fa92b82397fc4d33daeef6dad43db2b1cdecdb61a08d76a35
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD51c2a291303dc9d18092c478d64bee53d
SHA1b6006f8412cb413b86eb734d8f26610183d519b9
SHA25681b2cd24f1afae870ffe64617be7494c1b4288b73f46a5318320c1415e620849
SHA5125fb09f63b057b2e7b0e88678439572f2f1f7b6c1c8fccaf71a4dc57d69518643cf2f240879f82a4345991e78e0fc127589ff064e9d2566d75cce74c01e169b00
-
Filesize
10KB
MD51cbb37687a01c1bd4c1104d89579672c
SHA15d97514ead45c3b577fd83fcb67e4a57ae06fa0c
SHA2565a0671d2b65cb905e03e9fb17e2cf9a2aa302af4f529a916f7e155d89db856e6
SHA512a50f203042a8cce26425cbfca64c86f8cb7f92c7002dfba738f8d346bfb1741e7455dcbee25cee410c0527861663161a419854e828bfca2e34608c0915de1af7
-
Filesize
904KB
MD5421643ee7bb89e6df092bc4b18a40ff8
SHA1e801582a6dd358060a699c9c5cde31cd07ee49ab
SHA256d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da
SHA512d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023
-
Filesize
1.1MB
MD5e612b2f3c68a7d5c34592c88778766b2
SHA1e18329c9f763f923682408032b7b35a4e62fdf81
SHA256403869ed494bcbc3e535b492f2ebfad95748049e203ff7c31ac1afb38d8909ed
SHA512753c8d4600595c0b83f1a5bca9da637d56d7778ffd74a90942ee243e6b998c113e372b35cde4aa90b4a11152176812e354a6c0761b169243ecf5d3a9c793b543
-
Filesize
216KB
MD5c4d90c83e2fe2693549c97433a61fff7
SHA1c0d15050b51b79838fce008279ad8aed835b0228
SHA2569c845f330716ed4228b6176b8fc9fd9ea90f687d6915c01ed5e5745537d5c1f4
SHA512467e3e0fcab89de5fe0af7ecf0a081ff25db10718d5a99f317fc0511d71c5b0e54141a25138bccce61ca7ac03c768da78ec8bf2e5bbb1fa73cb3fc632a5f869d
-
Filesize
416KB
MD5968b71f1a1ddeb430fd85b3935c0832e
SHA1e8f037a8cfd6c213efe9ab2674e67759dd83315d
SHA256b39fe8097e0ec833475e8d2d6f2ee15fa0360f2d2344a3962b2516e697476a0e
SHA51236322dbf6ee602e92d59638d14dc7a14e78a468fccd35351ddce6e3151d974bbc800f87c1a0aa6e3f000d2a76a8826c182c9c43b4628daa3b8d61db557b4e200
-
Filesize
3.2MB
MD55d74155c3195e27633e1609d45b1ce07
SHA1e1ea143d17a1700867bf1baea72a442109f27504
SHA2565f1b04e4a9cf5e1e3f3e11a4ff712702a102c93be276dd5da9c6927c4808575a
SHA5121d75aa24a3c9e161c36422aa543bbb60491ef5a8f497aee2fb29cb692170b6745b054dcd2ee8f881c68d182db033c04842fe2f1484385870488738d108145c36
-
Filesize
8KB
MD54e645d7b2898ecf396a3d11588b7a7e1
SHA1f46d4bcad68ce48d30c940ef2e24819d436d6d9a
SHA256a8ff74b484e337f8309cc42954578fc0e1e747af58d31df9bf017f7e83cb1037
SHA512a62e01457f195f45d316ee39a8e80241ccf988466e02d9d93cf5a331fab203833ced91bc661063bc7acf0699a745d30b090b67a18158046891523f32e96d66b5
-
Filesize
1KB
MD5480c164e1147059479578928631605fa
SHA1bafc2e08ba198af11d2b9c7f377150f9be21367b
SHA2562d4b853c113f9478a8320cf0b1f676a89b858f35e8e8a2e706da66b25f4e2971
SHA5123c0a0ee27f086a17cbee8b4f7f58d733eda8de66023f6766b573d7bfcca91fcc02baeef5ce2d7be7ae7d1d7fca9abe7d096c46e71e7826d85370827903dbff89
-
Filesize
32KB