Analysis
max time kernel: 1048s
max time network: 1045s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2024, 13:53
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: sample http://robloxhackers.lol, resource win10-20240404-en
Behavioral task behavioral2: sample http://robloxhackers.lol, resource win7-20240903-en
Behavioral task behavioral3: sample http://robloxhackers.lol, resource win10v2004-20240802-en
Behavioral task behavioral4: sample http://robloxhackers.lol, resource win11-20240802-en
Behavioral task behavioral5: sample http://robloxhackers.lol, resource macos-20240711.1-en
General
Target: http://robloxhackers.lol
Malware Config: (no entries on this page)
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies registry class (1 IoC)
  Key created: \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings (msedge.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs; listing capped at 64)
  pid / process: 3912 msedge.exe (x2), 3492 msedge.exe (x2), 4620 identity_helper.exe (x2), 4848 msedge.exe (x4), 4736 msedge.exe (x2), 3788 javaw.exe (all remaining entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  pid / process: 3492 msedge.exe (x13)
Suspicious use of AdjustPrivilegeToken (64 IoCs; listing capped at 64)
  Token: SeDebugPrivilege, pid 3788 javaw.exe (x64)
Suspicious use of FindShellTrayWindow (47 IoCs)
  pid / process: 3492 msedge.exe (x47)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid / process: 3492 msedge.exe (x24)
Suspicious use of SetWindowsHookEx (8 IoCs)
  pid / process: 3788 javaw.exe (x6), 4800 javaw.exe (x2)
Suspicious use of WriteProcessMemory (64 IoCs; listing capped at 64)
  source pid / process -> target pid (procid_target):
  3492 msedge.exe -> 3460 (83), x2
  3492 msedge.exe -> 4212 (84), repeated (most of the listed entries)
  3492 msedge.exe -> 3912 (85), x2
  3492 msedge.exe -> 4872 (86), repeated
Processes
(child processes are indented under their parent; the image path is followed by the exact command line)

[PID 3492] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://robloxhackers.lol
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [PID 3460] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd472946f8,0x7ffd47294708,0x7ffd47294718

  [PID 4212] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

  [PID 3912] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  [PID 4872] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

  [PID 4464] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  [PID 3144] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  [PID 3696] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

  [PID 1532] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

  [PID 4324] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

  [PID 1300] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

  [PID 4620] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  [PID 2816] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

  [PID 5048] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

  [PID 1616] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

  [PID 3840] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

  [PID 4508] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

  [PID 4848] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  [PID 852] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

  [PID 3864] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1380 /prefetch:8

  [PID 3176] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

  [PID 4736] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  [PID 3044] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1

  [PID 3956] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,5628717112006275383,17587245792570173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 /prefetch:8

  [PID 4800] C:\Program Files\Java\jre-1.8\bin\javaw.exe
    cmdline: "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Download Loader.jar"
    - Suspicious use of SetWindowsHookEx

[PID 4600] C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4020] C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4608] C:\Windows\System32\rundll32.exe
  cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[PID 3788] C:\Program Files\Java\jre-1.8\bin\javaw.exe
  cmdline: "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\r8x2vh5c56.jar"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
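Editor's note on the process tree: the browser (msedge.exe, PID 3492, flagged for NtCreateUserProcessBlockNonMicrosoftBinary) spawned javaw.exe (PID 4800) with -jar on a file in the user's Downloads folder, and a second javaw.exe (PID 3788) ran another JAR from Downloads and is flagged for AdjustPrivilegeToken (SeDebugPrivilege), EnumeratesProcesses and SetWindowsHookEx. The Python triage helper below is an added example written for this page; it is not tria.ge code and nothing from the analysed site. It encodes that browser-to-Downloads-to-javaw chain as a check over process records. The records are constructed from this report (a subset of the tree, with parent links taken from the indentation); the BROWSERS, JAVA_LAUNCHERS and USER_WRITABLE lists are assumptions a detection team would tune.

```python
"""Flag the browser -> Downloads -> javaw.exe -jar chain seen in this report.

Added example, not tria.ge code. Process records are constructed from the
Processes section above; the allow/deny lists are assumptions to tune.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Assumed: which images count as a browser and as a Java launcher.
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
JAVA_LAUNCHERS = {"javaw.exe", "java.exe"}
# Assumed: directories a standard user can write without elevation. A JAR run
# from one of these was downloaded or dropped, not installed by an administrator.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None                          # None = top of the reported tree
    signatures: List[str] = field(default_factory=list)   # sandbox signature names
    privileges: List[str] = field(default_factory=list)   # tokens from AdjustPrivilegeToken IoCs


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
JAVAW = r"C:\Program Files\Java\jre-1.8\bin\javaw.exe"

# Constructed from the report (subset); parent links follow the tree indentation.
PROCS = [
    Proc(3492, EDGE, f'"{EDGE}" --single-argument http://robloxhackers.lol',
         signatures=["Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary",
                     "Suspicious use of WriteProcessMemory"]),
    Proc(3912, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService',
         parent=3492, signatures=["Suspicious behavior: EnumeratesProcesses"]),
    Proc(4800, JAVAW, f'"{JAVAW}" -jar "C:\\Users\\Admin\\Downloads\\Download Loader.jar"',
         parent=3492, signatures=["Suspicious use of SetWindowsHookEx"]),
    Proc(3788, JAVAW, f'"{JAVAW}" -jar "C:\\Users\\Admin\\Downloads\\r8x2vh5c56.jar"',
         signatures=["Suspicious behavior: EnumeratesProcesses",
                     "Suspicious use of AdjustPrivilegeToken",
                     "Suspicious use of SetWindowsHookEx"],
         privileges=["SeDebugPrivilege"]),
]


def jar_path(cmdline: str) -> Optional[str]:
    """Return the archive passed to -jar (quoted or bare); None when there is none."""
    m = re.search(r'-jar\s+(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else None


def in_user_writable_dir(path: str) -> bool:
    """True when the path sits under one of a standard user's writable directories."""
    p = path.lower().replace("/", "\\")
    return p.startswith("c:\\users\\") and any(d in p for d in USER_WRITABLE)


def image_name(p: Proc) -> str:
    return PureWindowsPath(p.image).name.lower()


def triage(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every Java launcher that matches part of the chain."""
    by_pid = {p.pid: p for p in procs}
    findings: Dict[int, List[str]] = {}
    for p in procs:
        if image_name(p) not in JAVA_LAUNCHERS:
            continue
        reasons: List[str] = []
        jar = jar_path(p.cmdline)
        if jar and in_user_writable_dir(jar):
            reasons.append(f"runs JAR from user-writable path: {jar}")
        parent = by_pid.get(p.parent) if p.parent is not None else None
        if parent is not None and image_name(parent) in BROWSERS:
            reasons.append(f"spawned directly by browser pid {parent.pid}")
        if "SeDebugPrivilege" in p.privileges:
            reasons.append("enables SeDebugPrivilege")
        if any("SetWindowsHookEx" in s for s in p.signatures):
            reasons.append("installs a Windows hook (SetWindowsHookEx)")
        if reasons:
            findings[p.pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in triage(PROCS).items():
        print(f"PID {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

Run stand-alone it reports PIDs 4800 and 3788 and skips every Edge process. The parent link is what separates a user double-clicking a JAR from a drive-by chain: PID 3788 has no parent in the report, so it is flagged only on its path and its SeDebugPrivilege use, while PID 4800 is flagged on the browser parentage as well.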
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: 1e8832fb0b7e140899e3c4cea63bbb43
  SHA1: b71583f8d4927492f91d3683d0ce50486e0e2470
  SHA256: 9ff127b29e33974ba308b6f760fe1203c9242ba3b6cb115b3336eee87a1e23bb
  SHA512: 5e28c45da9330da9cb7600ed49dd0c6bb10db5c207aec86045f88d31276a2d4bb7f7dca44af027bf86e8d89f53575ddfe17fe30e66e73bad6dfcf695697566e0

- Filesize: 152B
  MD5: ab8ce148cb7d44f709fb1c460d03e1b0
  SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
  SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
  SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

- Filesize: 152B
  MD5: 38f59a47b777f2fc52088e96ffb2baaf
  SHA1: 267224482588b41a96d813f6d9e9d924867062db
  SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
  SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 576B
  MD5: 8f06fcb34476771502955646a6cfbbb3
  SHA1: f88a07b0d9737f8f69312eb64f2f56a903a258bc
  SHA256: 2e8d519400d79cdad64990c7c5615a7bbb37767095623390d2b15f5e69b4d373
  SHA512: b9e2bc5e790d108c1258ced0d84bc010ff090aa15382aa59918438563d9a252d365bb8afecb70ab5b9255f961b27fb6d2e8b711b7130d5b210b5879e885a7c5e

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 528B
  MD5: b3277af2e434ba41f0d0dcc79af65a42
  SHA1: 99b6d1268208a50973524ac425f13e09dda74825
  SHA256: 10e56b3a59999b12c2bbc34a000188a98901974f5c34c3baa2fd7fe75c84a742
  SHA512: 71ab181492a4c6ff0bd27eb86ec7f8f384dc26c62102751cb08b94ea336a3f1fb1972d1b6b00f831bc22a06cab64b1d89510dfb60905feac24d39c031cd520aa

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 7b4935e952008b7c50cfc7bce59063cb
  SHA1: 597b669196bec4821371cbb9fd42ead3e186f9f2
  SHA256: 7487a68c598816813dd447575eefdf34cc2fb670ac4369708282d6243b9f2a29
  SHA512: 1d41a32a367f27e09970999e3ee98016cfb8e94edaea844c049fa1da939656f78c9f2d82e6c1e5e652beb7df421e68f89465863a2ca55ce3c6d8df523ccee7c7

- Filesize: 557B
  MD5: f274dc86e8b4d27ac0d917bc83e57cd7
  SHA1: add8420b93ea2665c39adaf2fc25c8b4cc36ebb8
  SHA256: b2e8f9481a1c15583d9131f88ab333efcc3dcd80bb747f7694bab293c628bee2
  SHA512: 793094a03d7fa3736603e89abdef1518d9a6dc68e230d5858023060f3b2f0c6fe9f6f3dca4cc0e874c38c7657ea8a57484fd95d7ae73abe2ac99d42c578133e2

- Filesize: 3KB
  MD5: ef715f7ad3a74a05a3e4ed7452e560f7
  SHA1: bc882bd46ff5c40de8cffed12fce47c543446cb5
  SHA256: 05da2b14098a0f8fc43ee94798f9740aea853130ce8f90fba9b3343a10049df0
  SHA512: a6897eb24db25afa61541446eb7a9bdda02ecb48e346ea920f745ceae39813b81d86a84956f31a7ba2a90b91d78a8c9bd97f5943e2ec32a9b6f286e7d0493611

- Filesize: 3KB
  MD5: 46f5f9e2a0f36438c80e2c2577ce85a9
  SHA1: 5baada412b36b81338df062fa51abd0ed176e15c
  SHA256: ae0e336e1db48f92e4d5461380d54cf1844c0caaa291ab29fc1d1ce8a249f985
  SHA512: f32be090940e7b97e42ce0aea12c311225b032fad37244368ee9404446d10e702d3a3d5e3c94bc7e0b65e05fd44c8e7bcd3b9e30c153cdff5df8d1ed8d1233a7

- Filesize: 2KB
  MD5: 97292de4b91b372f94ca0b389701671d
  SHA1: 5fff3b55fe26eaac6c4fdae43266c713dc6506f4
  SHA256: 39754b73e620cff2b3f671eababefcc81b987a917e31424d1cf94388d629d77e
  SHA512: a54ddd2e38f32f3bd59e1bd27accc4e675184d59dd3fb9b8bcf7b9e0f9f76c782ccd2a46e393633527700544856d96a02923fbccec0d356245d7929a7eaa7687

- Filesize: 7KB
  MD5: c6ffeebb5956e55e7d8973bad0da64f3
  SHA1: 82379c7699af76da9cc474c27f5c972ed7eda5c9
  SHA256: 9e70f76414fd126151a9dc4c50d6acb1973c95a85e3176d5b9d7e891f6c014da
  SHA512: 43eeffec9cdd017eb5ea1258f9b2e38bf44f0b7932f4cbb3caa16ab110c52b83a518bd9381262bbc8296c99a379fa888ea65507c7b0bee605b3fa9b4ca52bef2

- Filesize: 5KB
  MD5: 1b99f4e4989d509d30d56f670469ce19
  SHA1: 861b76620dff18132855a4d185517f83a1fbe10d
  SHA256: 81dee210bb2339ae1cd48999d7f8e133b62d51774e0751e75fd1c1882902681b
  SHA512: eca3e8bee5d72479f5983021c9e6f0221dbac26378c5919b67d801ebc03a21d0dc8c7de5a4e8fc4ccbb7f7e2e542a459c4bec4c6effe73972090366a9e82d8d2

- Filesize: 7KB
  MD5: fa251c4a7db7141ffc0c53d4de40838e
  SHA1: 287b39c52263c30d9dafef09c60e2903e8f887de
  SHA256: c49f421d0c0c5c5a51c672440087a11b5587cdaa03df7cf4ce816f01d269708f
  SHA512: 86fca22d7244cfb59ebe9087a5f24d2b194234a97b3d7f42c1f06a3c2a48673dbaba22b58489c53d5b331555ccb2e7b370124b18a8d98c08300e1bfb93b8a40a

- Filesize: 7KB
  MD5: 3947b6f193d81e8565713333fe26099a
  SHA1: 7341836620fd855557aacd53279cf1956c58a025
  SHA256: 2a136013b2fe1554309d5d656270fc1ba02102d4d7c1c195e9ec3fb449af9113
  SHA512: edb93871a98156079b54221065a6beb6836b336afaa1d14f4adfdc5465ab663382ec61415e7c4ae9315b3233f224188ff6b617b3672edf6a7129d5ff950c07e8

- Filesize: 6KB
  MD5: 388248875db23eaac527eb7c1b2c5939
  SHA1: d1ea343b49754bbcbeb07abe72414863ea00ea4f
  SHA256: b4aaf1be8c1f1905b48f3543df2370fb297db5932e56d065ebcbad2eec0311ec
  SHA512: c37b46ad0812db8ea214f7afb1fcecd18673549cdf53f48c9ae1e8527270a8b9c9269334e1e5c421d2972568c0ea7079b6c21524bb1c8ea85ecee7a1ae204e1f

- Filesize: 7KB
  MD5: 32b0c7dab0f733b5128f19a1f59278ba
  SHA1: 15c0227bb1749eab6b33f4ede2a76aa78b49180d
  SHA256: ba57262878372cd543d2a232c20bb5468a8cd331b2b8b25988ece1afca0d31fb
  SHA512: 844621ef98a422f873b8cec30af2981807021389c49145e81ee5bfe0c6a5ff2aa3aa8092f200422e017ce44dd8eb57d5585c5a081b4bc624fcf318c71a03f3c5

- Filesize: 705B
  MD5: 42eddcaa6128ca04792189bbdf6667dc
  SHA1: 17ab4e0184ce18ab4e5dd79aeafdef0753999bdf
  SHA256: 1bfe2eb6d00383cc12c1180a74749317aab80847b880a7a5a0154cc4155b5c59
  SHA512: e5970ba1f9c1aeecd605f95c129c870bf08781e1ec6172f1d25f9374e11aee207d2b18b719638598d003598c0c017afef84b7f2eb420cfa1353d59d89564afe8

- Filesize: 370B
  MD5: e7789945e929a1891111d3d81f39d2b1
  SHA1: 22ff8fc9dd3c9b0967cb6071e6f7cf1ff4da3aaf
  SHA256: 9ece509a2c0175a538970a23e88a06f0423e26dad7f94e2376565d511a27e44e
  SHA512: 24132148810345c63fbd0e40df09b324998ed808e0f93825cef359eb4e3883e262fb629a6c9114c8d915948bf3754698d984915787eb8a62033cf523e137e55e

- Filesize: 370B
  MD5: 140603e186272e29f99a8b9a082f18ae
  SHA1: 0806afcb880fbb1d783bc24c60c4b8c166ff7a50
  SHA256: 419d0101ed1f6aa0de8fec300369126b31aa3fe0c7fe6eabf406559326c5f5cf
  SHA512: f272dc7019cf5e0352d9c58eaaa27fb1cedb34233f99b57e858a05d0d2ccea6f5af6381a72a9d9643476f8089d0ef399a5e474f5fba40168f9ce417ea993a588

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: 9f321b6ca02b622bae7c1add7e06e259
  SHA1: 6f2f192e141fa567dea48714ff8426a596183a61
  SHA256: 738b73cdd8d952472b5574abe16823b5cc24be3c2f534f44189b44a5a757c921
  SHA512: 46ee0e613582a2159213ed2a0eeb07bbe5be0310ba6cb9c21ec5ab0c521b9ef57d2a19793b50d4fa47f31f209ccffee48de928ab746956aebc68d3e58e180394

- Filesize: 11KB
  MD5: 1bdb990b0e7ce492a4679d699cc13771
  SHA1: 618b9b20a290047412acd71f69022bb9e28ce071
  SHA256: aebe734fd2f89c3d252b11038477e64eaca364ad812479e138fecf684bf61d11
  SHA512: 0d325ea047eab81e51636bc8c16c269a4e1744846e46fb74c6492955acd76e74e9a8e4060f190afbc7cbe7f53f81117f11e28c1bf4d8a4e97ce936cf5b4fbde4

- Filesize: 11KB
  MD5: 7194eeddc5e05fece3023b3e30b18154
  SHA1: f7a345d997303f3e6e7c83c98b3a1a08cfb851e0
  SHA256: dd873db2e9fabb75bf2aaa747d5674b758ff9615b21179ba19666b93f20b866c
  SHA512: cd18645c1d19ecbb308e59d03895a5dd98261c7ef373dd819f05c2fe06be483396ff23351932417acf033d5936362376ff6310674b2ed92b584658735f6c278c

- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

- Filesize: 2.2MB
  MD5: 8e48fc3bda0bc899ba7c38b5bd2ac165
  SHA1: bff45691858d8278b55b46af99ab0b5890564e53
  SHA256: 648ca4f9c2964bea3e91685a32e0381c803d648cc358b39ae4071fd3be77fed6
  SHA512: a807a35eee990b75d85417bdddc3aabbe1275319ccd982c08b7bd929eb175992b96d7728a4615885b1368c9693550968a899b2d308fc8a0c9c3b1420ad7bc5d0