Overview
Static

Behavioral task tabs (score, tab label). All tabs ran on windows10-ltsc 2021-x64; tab labels are truncated as shown on the page, the full sample paths are listed under Analysis.

Score  Tab label
10     The-MALWAR...ot.exe
10     The-MALWAR...ll.exe
10     The-MALWAR...BS.exe
10     The-MALWAR...in.exe
7      The-MALWAR....A.exe
7      The-MALWAR....A.exe
10     The-MALWAR....A.dll
6      The-MALWAR...r.xlsm
10     The-MALWAR...36c859
1      The-MALWAR...caa742
1      The-MALWAR...c1a732
1      The-MALWAR...57c046
1      The-MALWAR...4cde86
1      The-MALWAR...460a01
1      The-MALWAR...ece0c5
1      The-MALWAR...257619
1      The-MALWAR...fbcc59
1      The-MALWAR...54f69c
1      The-MALWAR...d539a6
1      The-MALWAR...4996dd
1      The-MALWAR...8232d5
1      The-MALWAR...66b948
1      The-MALWAR...f9db86
1      The-MALWAR...ea2485
1      The-MALWAR...us.exe
6      The-MALWAR....a.exe
3      The-MALWAR....a.exe
7      The-MALWAR...ok.exe
1      The-MALWAR...y.html
4      The-MALWAR...ft.exe
4      The-MALWAR...en.exe
6      The-MALWAR...min.js
Analysis

max time kernel:   146s
max time network:  155s
platform:          windows10-ltsc 2021_x64
resource:          win10ltsc2021-20241211-en
resource tags:     arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted:         04-01-2025 01:14
Static task: static1

Behavioral tasks (task: sample, resource)

behavioral1:  The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe  (win10ltsc2021-20241211-en)
behavioral2:  The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe  (win10ltsc2021-20241211-en)
behavioral3:  The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe  (win10ltsc2021-20241023-en)
behavioral4:  The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe  (win10ltsc2021-20241211-en)
behavioral5:  The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe  (win10ltsc2021-20241211-en)
behavioral6:  The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe  (win10ltsc2021-20241211-en)
behavioral7:  The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll  (win10ltsc2021-20241211-en)
behavioral8:  The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm  (win10ltsc2021-20241211-en)
behavioral9:  The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859  (win10ltsc2021-20241211-en)
behavioral10: The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742  (win10ltsc2021-20241211-en)
behavioral11: The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732  (win10ltsc2021-20241211-en)
behavioral12: The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046  (win10ltsc2021-20241211-en)
behavioral13: The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86  (win10ltsc2021-20241211-en)
behavioral14: The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01  (win10ltsc2021-20241211-en)
behavioral15: The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5  (win10ltsc2021-20241211-en)
behavioral16: The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619  (win10ltsc2021-20241211-en)
behavioral17: The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59  (win10ltsc2021-20241211-en)
behavioral18: The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c  (win10ltsc2021-20241211-en)
behavioral19: The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6  (win10ltsc2021-20241211-en)
behavioral20: The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd  (win10ltsc2021-20241211-en)
behavioral21: The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5  (win10ltsc2021-20241023-en)
behavioral22: The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948  (win10ltsc2021-20241211-en)
behavioral23: The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86  (win10ltsc2021-20241023-en)
behavioral24: The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485  (win10ltsc2021-20241211-en)
behavioral25: The-MALWARE-Repo-master/Email-Worm/Amus.exe  (win10ltsc2021-20241211-en)
behavioral26: The-MALWARE-Repo-master/Email-Worm/Anap.a.exe  (win10ltsc2021-20241211-en)
behavioral27: The-MALWARE-Repo-master/Email-Worm/Axam.a.exe  (win10ltsc2021-20241211-en)
behavioral28: The-MALWARE-Repo-master/Email-Worm/Brontok.exe  (win10ltsc2021-20241211-en)
behavioral29: The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html  (win10ltsc2021-20241211-en)
behavioral30: The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe  (win10ltsc2021-20241211-en)
behavioral31: The-MALWARE-Repo-master/Email-Worm/Duksten.exe  (win10ltsc2021-20241211-en)
behavioral32: The-MALWARE-Repo-master/Email-Worm/Emin.js  (win10ltsc2021-20241211-en)
General

Target:  The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
Size:    12KB
MD5:     bb7b91d1685db89b58ac01a72921e632
SHA1:    4a1dd457983a7f1bbc7943eb5fca3da6d93d4176
SHA256:  940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8
SHA512:  09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e
SSDEEP:  192:W1VoVk8X2TrWAXaR06qVoVk8X2TrWAXaR06LV:Giui2TSw6qiui2TSw6LV
Malware Config

Signatures

Every hit below is attributed to a process in the Microsoft Edge tree that opened the HTML file (msedge.exe, identity_helper.exe and the Edge installer setup.exe under Program Files); no process outside that tree appears in the signature list.

Drops file in Program Files directory (2 IoCs)
  description                   ioc                                                                                                  Process
  File created                  C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\04b7b33e-dd87-4f4a-9048-ce554d74105b.tmp   setup.exe
  File opened for modification  C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250104011749.pma                        setup.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              hits
  4472  msedge.exe           2
  3988  msedge.exe           2
  3380  identity_helper.exe  2
  2488  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     hits
  3988  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  3988  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  3988  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  Process     target pid  procid_target  hits
  3988        msedge.exe  1128        81             2
  3988        msedge.exe  1744        84             40
  3988        msedge.exe  4472        85             2
  3988        msedge.exe  2692        86             20
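The signature lists above are exported as one flattened line per signature ("pid Process 4472 msedge.exe 4472 msedge.exe ..." and "PID 3988 wrote to memory of 1744 3988 msedge.exe 84 ..."), with the header stating how many IoCs the list should contain. The following is an added example, not code from the sandbox or from the malware repository: it parses those two record formats, collapses repeated records into counts, and cross-checks the number of parsed records against the header's declared count, which catches a truncated copy or a record split across a line break. The six-record WriteProcessMemory input is a constructed, shortened copy of the page's block; the EnumeratesProcesses input is the page's own list.

```python
import re
from collections import Counter

# Signature header exactly as the report prints it, e.g.
#   "Suspicious use of WriteProcessMemory 64 IoCs"
#   "Enumerates system info in registry 2 TTPs 3 IoCs"
HEADER_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+(?P<ttps>\d+)\s+TTPs)?\s+(?P<iocs>\d+)\s+IoCs$"
)

# One WriteProcessMemory record of the flattened export:
#   "PID <src> wrote to memory of <dst> <src> <image> <target procid>"
# Whitespace is matched with \s+ so a record split across a line break still parses.
WPM_RE = re.compile(
    r"PID\s+(?P<src>\d+)\s+wrote\s+to\s+memory\s+of\s+(?P<dst>\d+)\s+(?P<src2>\d+)\s+"
    r"(?P<image>\S+)\s+(?P<procid>\d+)"
)

# One record of a plain "pid Process" list: "<pid> <image>.exe"
PID_RE = re.compile(r"(?P<pid>\d+)\s+(?P<image>[\w.-]+\.exe)")


def parse_header(line):
    """Return (signature name, declared IoC count) from a signature header line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a signature header: {line!r}")
    return m.group("name"), int(m.group("iocs"))


def parse_wpm(text):
    """Parse every WriteProcessMemory record into a (src, dst, image, procid) tuple."""
    return [
        (int(m["src"]), int(m["dst"]), m["image"], int(m["procid"]))
        for m in WPM_RE.finditer(text)
    ]


def parse_pid_list(text):
    """Parse a 'pid Process' list into (pid, image) tuples."""
    return [(int(m["pid"]), m["image"]) for m in PID_RE.finditer(text)]


def aggregate(records):
    """Collapse repeated records into a Counter keyed by the distinct record."""
    return Counter(records)


def check_count(header_line, records):
    """Compare the header's declared IoC count with the number of parsed records.

    Returns (declared, parsed, match). A mismatch means the export was truncated,
    a record was mangled across a line break, or the regex missed a variant.
    """
    _, declared = parse_header(header_line)
    return declared, len(records), declared == len(records)


# Constructed, shortened copy of the report's WriteProcessMemory block
# (six records instead of the report's 64), used as offline sample input.
SAMPLE_WPM_HEADER = "Suspicious use of WriteProcessMemory 6 IoCs"
SAMPLE_WPM_BODY = (
    "description pid Process procid_target "
    "PID 3988 wrote to memory of 1128 3988 msedge.exe 81 "
    "PID 3988 wrote to memory of 1128 3988 msedge.exe 81 "
    "PID 3988 wrote to memory of 1744 3988 msedge.exe 84 "
    "PID 3988 wrote to memory of 4472 3988 msedge.exe 85 "
    "PID 3988 wrote to memory of 2692 3988 msedge.exe 86 "
    "PID 3988 wrote to memory of 2692 3988 msedge.exe 86"
)

# The EnumeratesProcesses block as it appears in the report.
ENUM_HEADER = "Suspicious behavior: EnumeratesProcesses 10 IoCs"
ENUM_BODY = (
    "pid Process 4472 msedge.exe 4472 msedge.exe 3988 msedge.exe 3988 msedge.exe "
    "3380 identity_helper.exe 3380 identity_helper.exe 2488 msedge.exe "
    "2488 msedge.exe 2488 msedge.exe 2488 msedge.exe"
)

if __name__ == "__main__":
    wpm = parse_wpm(SAMPLE_WPM_BODY)
    print(check_count(SAMPLE_WPM_HEADER, wpm))
    for rec, n in aggregate(wpm).most_common():
        print(n, rec)
    enum = parse_pid_list(ENUM_BODY)
    print(check_count(ENUM_HEADER, enum))
    for rec, n in aggregate(enum).most_common():
        print(n, rec)
```

Run against the full 64-record block copied from the page (joining the two wrapped lines with a space), the aggregate gives the per-target counts shown in the table above; if the parsed total is short of 64, look for a record that was cut at the line wrap.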
Processes (indentation shows parent and child; the signatures a process triggered are listed beneath it)

PID 3988  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 1128  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc164d46f8,0x7ffc164d4708,0x7ffc164d4718

    PID 1744  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

    PID 4472  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 2692  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

    PID 4816  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

    PID 5088  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

    PID 4216  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8

    PID 4480  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      - Drops file in Program Files directory

        PID 3808  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6ff035460,0x7ff6ff035470,0x7ff6ff035480

    PID 3380  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 1624  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

    PID 2996  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

    PID 2124  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

    PID 1600  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

    PID 2488  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12407543302137067298,4529952343082451597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4384 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

PID 880   C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2928  C:\Windows\System32\CompPkgSrv.exe -Embedding
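The raw process listing encodes the tree depth as a digit glued to the end of each command line ("...BubbleBoy.html1⤵", "/prefetch:22⤵PID:1744", where the last digit before ⤵ is the depth and the rest is the command line), with the PID either on the same line or, when signature lines follow, on a trailing "PID:<n>" line. The following is an added example, not code from the sandbox or the malware repository: it rebuilds the parent/child tree from that format and then applies the check a reviewer actually wants from this report, namely whether every spawned process lives under an expected directory. The input is a constructed, shortened copy of the page's listing (same depth markers and PIDs, shorter command lines); the final "evil.exe" line is a constructed negative case that does not appear in the report, included only to show the check firing, and the expected-directory list is an assumption for a clean Edge launch, not something the page states.

```python
import re

# A process line ends in "<depth>⤵", optionally followed by "PID:<n>". When the
# process has signature hits they follow as "- <name>" lines and the PID comes
# last on its own "PID:<n>" line (the report also sprinkles lone "-" separators).
PROC_RE = re.compile(r"^(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?\s*$")
PIDLINE_RE = re.compile(r"^PID:(?P<pid>\d+)$")
SIG_RE = re.compile(r"^-\s+(?P<sig>.+?)\s*$")

# Assumption for this example: directories a clean Edge launch is expected to
# spawn processes from. Anything else is worth a second look.
EXPECTED_DIRS = (
    "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\",
    "C:\\Windows\\System32\\",
)


def image_of(cmd):
    """First token of a command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def parse_processes(text):
    """Return one dict per process (pid, depth, image, cmd, sigs, parent) in listing order."""
    procs, stack, cur = [], [], None        # stack[d-1] = most recent process at depth d
    for raw in text.splitlines():
        line = re.sub(r"(\s+-)+$", "", raw.strip())   # drop trailing "-" separators
        if line in ("", "-"):
            continue
        m = PROC_RE.match(line)
        if m:
            depth = int(m["depth"])
            # the parent's dict is already on the stack, and its PID line has been
            # seen by the time a child line appears, so look the pid up now
            parent = stack[depth - 2]["pid"] if 2 <= depth <= len(stack) + 1 else None
            cur = {"pid": int(m["pid"]) if m["pid"] else None, "depth": depth,
                   "image": image_of(m["cmd"]), "cmd": m["cmd"].strip(),
                   "sigs": [], "parent": parent}
            del stack[depth - 1:]
            stack.append(cur)
            procs.append(cur)
            continue
        m = PIDLINE_RE.match(line)
        if m and cur is not None:
            cur["pid"] = int(m["pid"])       # PID line that follows the signature lines
            continue
        m = SIG_RE.match(line)
        if m and cur is not None:
            cur["sigs"].append(m["sig"])
    return procs


def children(procs, pid):
    """PIDs whose parent is the given PID, in listing order."""
    return [p["pid"] for p in procs if p["parent"] == pid]


def unexpected_images(procs, expected_dirs=EXPECTED_DIRS):
    """PIDs whose image does not live under one of the expected directories."""
    return [p["pid"] for p in procs
            if not any(p["image"].lower().startswith(d.lower()) for d in expected_dirs)]


# Constructed, shortened copy of the report's listing in the page's own format.
SAMPLE_LISTING = r'''
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3988 -
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:1128
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4472
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --system-level --msedge2⤵
- Drops file in Program Files directory
PID:4480 -
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:73⤵PID:3808
C:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:880
C:\Users\Admin\AppData\Local\Temp\evil.exe /run1⤵PID:9999
'''
# The last line above is a constructed negative case, NOT in the report.

if __name__ == "__main__":
    procs = parse_processes(SAMPLE_LISTING)
    for p in procs:
        print("  " * (p["depth"] - 1), p["pid"], p["image"], p["sigs"])
    print("children of 3988:", children(procs, 3988))
    print("outside expected dirs:", unexpected_images(procs))
```

Applied to the full listing above, the only processes outside the Edge install directory are the two CompPkgSrv.exe COM server instances under System32, which the check accepts; the sample file itself never appears as a process image, only as the argument handed to msedge.exe.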
Network
MITRE ATT&CK Enterprise v15
Downloads

1.  (path not listed)  Filesize 152B
    MD5:     913cd25b0de81960e841c81a7bee8b19
    SHA1:    2c4bf2a4de37c06bea3e39898c9a98ee611b5455
    SHA256:  b01953744098bc035aee2a21976607df9352ca42abc3e01d769e2ceee1c9bd5f
    SHA512:  e5a879cdd1f83d6b6ee13117924522c967e2413c29722b5507b632514e28a0defbbcc942e7176f819e05df7bef37ca5133ba5efeb67a91c34b3736eec05ac8af

2.  (path not listed)  Filesize 152B
    MD5:     de0e1d3019517b3b005d7731bbb8a355
    SHA1:    ddf1f15c241f72585595cd30de12c4c3ce4e2f97
    SHA256:  4ceef5b8daa774c456edd70e46668746b8fa086bb9515ed5975e6737e40dc3f0
    SHA512:  84f7a069fd6f0713fdb9d35f17839b8755671047be477e49102f5777e8ebeeaa6421d3816727dd37f1241f4653c063fb0823ae7bab1d3001635c5075c2ba464d

3.  (path not listed)  Filesize 70KB
    MD5:     e5e3377341056643b0494b6842c0b544
    SHA1:    d53fd8e256ec9d5cef8ef5387872e544a2df9108
    SHA256:  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
    SHA512:  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

4.  (path not listed)  Filesize 5KB
    MD5:     1ff973c44c97bfc804e0458995eeb101
    SHA1:    8839f27a9cab82379fd3b44d11f15b9f89e2a237
    SHA256:  0d8bcce835ef6727e8bc90f2b4f800d9286a5da22345f216bd3dcc57f38c7608
    SHA512:  74bd8b56bd396c0ca55a3ad2ec01eac7534daabd57ff4d6948d7ff675590f09f5830d9b2b8178585457cf302e0db7bd0cbaa31a352e119807ac558b8e25cb0f4

5.  (path not listed)  Filesize 5KB
    MD5:     cc7d4da6b40924bf7162e2bfe79d61a4
    SHA1:    b942f69f9f4fd9513fa421b05e04b0e04ff61619
    SHA256:  117814792a359771ebd8333cc5575d3d2d6b91ba4c275668e4167ceb10b7ea2a
    SHA512:  88f9dfffe676f6d65fd6ee7e26ef36080c7b5f08afd7446b9306d3ea54b0991b91652b08bcc153d567c8ca1fea589844af46bf8dbb9f3d81c916fa62cbb5cbdf

6.  (path not listed)  Filesize 5KB
    MD5:     3b69de7de554f9bacec8e6e63e9b2ebb
    SHA1:    4aa8555a2c6319c9c6cd3d96850d7e1620c0ef68
    SHA256:  a36dd9e670fc8a686d1892540a72fd04153a91e491167c056884605cfaf75bc9
    SHA512:  18aa38ff1797aa4f8d70c3f1482dd24f496f68f78eed2955904733f7f264d0cc667cb8db2f8b351e5505633c50e49904a04698e452c7cc790a261547d426af58

7.  (path not listed)  Filesize 24KB
    MD5:     cc420cc45f686797b102b94f6bfda2ee
    SHA1:    2b0b5d4848cc346c341cbd51d5fc6ce8a08910e7
    SHA256:  23f845e57c6718a65f93b97ac9c425d7abaad84f75e77e662c4df298305b9a19
    SHA512:  2410ec9ef56e8ad547219c4ffde2d02ab4fe8ea668c51f6519e224805770375427a4db95eab5e5f062ebdf36323c5bf03d1633508776fa553da2e8c408846092

8.  (path not listed)  Filesize 24KB
    MD5:     832b664db8c95c83ff39b95fac93bb5b
    SHA1:    9d244b3081440efd5dcb15c341b2e790e5af359c
    SHA256:  d1d1d00928970105a43609aa8e2516b41e9473ac285cb591fecaf74b69213487
    SHA512:  0d46d177ca250277b341f04e3e4565b048069a14993bd1d89d38d03ac8cc4b499dcb2c181bd86f12f903054923a3bb47787d229ee975d900dfd6297db22c246b

9.  (path not listed)  Filesize 16B
    MD5:     206702161f94c5cd39fadd03f4014d98
    SHA1:    bd8bfc144fb5326d21bd1531523d9fb50e1b600a
    SHA256:  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
    SHA512:  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

10. (path not listed)  Filesize 41B
    MD5:     5af87dfd673ba2115e2fcf5cfdb727ab
    SHA1:    d5b5bbf396dc291274584ef71f444f420b6056f1
    SHA256:  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
    SHA512:  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

11. (path not listed)  Filesize 16B
    MD5:     46295cac801e5d4857d09837238a6394
    SHA1:    44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256:  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512:  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

12. (path not listed)  Filesize 8KB
    MD5:     3f4ed3d032c84a795289fe9e36f210b5
    SHA1:    ab58518e0961613d83ffe63bc07453903fd24af3
    SHA256:  117e57706410d13bc82a707438b8854bc416e3fee5e3b904a8425c96c30f3083
    SHA512:  b8944fa426a47e9bbf80374817b843ebeb09b26b505fdfb60076a2dca33e9fded317d10691357454cddbb59314152a72bc5b1ecdf9c23a5ad312633074d68ea4

13. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms  Filesize 3KB
    MD5:     8c3836b7fd0b6391f95285dfd83a6d9f
    SHA1:    723a1e3359fc803b3bd8380aa109508bb9ca3048
    SHA256:  a0e5b5e03afa4e88708fd195c619960f8d3461c5ff755eaefc2f5e273678d7d8
    SHA512:  bb4151ca9c83bacd0a8a11070c5d217568ddbca31ff032f3d63887e1e1855e42c61028789c4ecca0a4607683d3839a88926633bd90cccd6d961472bbe8d8f299

14. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms  Filesize 3KB
    MD5:     a10ad8747c838bc642eea82cf3fc7e4b
    SHA1:    91786efc808486bce3509acb8dbba9bf227cf910
    SHA256:  6a8987777006e8c1b8fcdbe57c07983df27605e194227b6c56ab9fa3e39514c7
    SHA512:  2ef1d1c68e15e17447e226d43095c36f6a0f87f7d57c5148ea4da52c201d935b7cea6cba2587798f79ffe42b29be566ca0a4d3ec26826cdc1b12b115590319f7