Analysis
max time kernel: 116s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/01/2025, 15:16
Static task: static1
URLScan task: urlscan1
General
Malware Config
Extracted
Family: lumma
C2: https://inflameopooi.shop/api
Signatures

Lumma family

Executes dropped EXE (2 IoCs)
  pid   Process
  3332  vs-game-force-sof.exe
  3240  vs-game-force-sof.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow  ioc
  5     sites.google.com
  8     sites.google.com

System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  vs-game-force-sof.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  vs-game-force-sof.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid   Process
  4236  msedge.exe
  4236  msedge.exe
  3012  msedge.exe
  3012  msedge.exe
  2288  identity_helper.exe
  2288  identity_helper.exe
  5388  msedge.exe
  5388  msedge.exe
  5724  msedge.exe
  5724  msedge.exe
  5988  msedge.exe
  5988  msedge.exe
  5172  msedge.exe
  5172  msedge.exe
  3332  vs-game-force-sof.exe
  3332  vs-game-force-sof.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  pid   Process
  3012  msedge.exe  (20 entries)

Suspicious use of AdjustPrivilegeToken (7 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   4072  7zG.exe
  Token: 35                   4072  7zG.exe
  Token: SeSecurityPrivilege  4072  7zG.exe
  Token: SeRestorePrivilege   5920  7zG.exe
  Token: 35                   5920  7zG.exe
  Token: SeSecurityPrivilege  5920  7zG.exe
  Token: SeSecurityPrivilege  5920  7zG.exe

Suspicious use of FindShellTrayWindow (61 IoCs)
  pid   Process
  3012  msedge.exe  (59 entries)
  4072  7zG.exe
  5920  7zG.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3012  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process     procid_target
  PID 3012 wrote to memory of 216     3012  msedge.exe  83  (2 entries)
  PID 3012 wrote to memory of 4976    3012  msedge.exe  84  (repeated)
  PID 3012 wrote to memory of 4236    3012  msedge.exe  85  (2 entries)
  PID 3012 wrote to memory of 472     3012  msedge.exe  86  (repeated)
  The remaining 60 entries are repeats of the 4976 (procid_target 84) and 472 (procid_target 86) rows.
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sites.google.com/view/exlauncher69/download
  PID: 3012
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7fff553246f8,0x7fff55324708,0x7fff55324718
      PID: 216

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
      PID: 4976

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      PID: 4236
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      PID: 472

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      PID: 3092

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      PID: 2840

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
      PID: 2844

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
      PID: 2288
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
      PID: 4740

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
      PID: 452

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
      PID: 2408

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
      PID: 3948

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
      PID: 3608

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
      PID: 460

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
      PID: 5264

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6656 /prefetch:8
      PID: 5368

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
      PID: 5376

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
      PID: 5388
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
      PID: 5708

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
      PID: 5724
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
      PID: 5976

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
      PID: 5988
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      PID: 5192

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
      PID: 5172
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
      PID: 3552

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      PID: 5248

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
      PID: 5424

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
      PID: 5508

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
      PID: 5600

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
      PID: 5660

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10077307614053610754,7896727437037173329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
      PID: 5404

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2668

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2868

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 456

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof\" -ad -an -ai#7zMap2876:132:7zEvent13800
  PID: 4072
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\vs-game-force-sof\" -an -ai#7zMap17346:132:7zEvent26109
  PID: 5920
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe"
  PID: 3332
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses

"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe"
  PID: 3240
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: d7cb450b1315c63b1d5d89d98ba22da5
SHA1: 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256: 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512: df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Filesize: 152B
MD5: 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1: 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256: 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512: 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Filesize: 20KB
MD5: 760732f59eb4b6667ea7abb23565cd9f
SHA1: 1091bb22993c329339b95a007b890fb68ad2aa1f
SHA256: 09353aeed9bbcb92f5c59024b36912866cafbfd5fba5ba7f248a51817257396e
SHA512: 0d3686556737c58ef71113a89e6a9cbdb698754a5c38d4399e213d97061d0c9a677e70131f4b3e4e6aa5a290be21408597206d7678ec626128694676d2158096

Filesize: 20KB
MD5: bf19963f072b61208a423c95d2b0dbb2
SHA1: 7b39999fbfdfc5f646c47e07eddff767a8f77057
SHA256: cc731c3775c0ab17bb6d658c01591c6aa240fc0fd4ef4872792389020f1ddc8c
SHA512: 49ad4dd456ee69f86de1ef6dc6b8c48bf9e6652e0df7e3370ddf944867c7b416d3e7e3703f01831cafa845270f0af6a1b088b897afc6a48c67477c424fa6cbee

Filesize: 35KB
MD5: 7c702451150c376ff54a34249bceb819
SHA1: 3ab4dc2f57c0fd141456c1cbe24f112adf3710e2
SHA256: 77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583
SHA512: 9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Filesize: 20KB
MD5: 6408c37d09ecb7370b4d61ea51a15ad0
SHA1: 8fa447851c7db6c2a4e20a13d769ed926daee5d5
SHA256: 38c4bb35d2dc312b0e82bf8c5098495fd12d73029dedb6014c8f3ead635e641e
SHA512: 5436d6204625fcc424989776d5ceb7fbbe286bd37bf077967289ce336ecea0e1db85f064d51d4a18877cd96be0d20557c682bbf2ccc6e34d6e096557aa357311

Filesize: 1KB
MD5: 163f2c023b94e0a5cf5761b6daf3dc0a
SHA1: 6718939b57301f98b0972ee87c09fe417ce766fb
SHA256: 48418e21a9f1101de34589396de8fbf6080e1d0d973ec23b1d1a41e42d1be2a9
SHA512: 4edc881400b0a14077d92c054d3e317f3cffde9034f26ec6c341da6593c2803b0ac79ab74c0e7d734e4cec7724eb2431e0482e62e75f07571a685ddd678098f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 73cb6036337ebcc15685df82317550a4
SHA1: 641678e20defd8315acef87c35b026ac10d5ee1a
SHA256: ff502158d6756c1a68d6704e72b60dfbf3af0ab733c9ab7f51586c7ed45590c7
SHA512: 7e36fa011fa7dd052df7cdb53202346f0524362360d1805510d4faecaeb306f21343258880f39ad993349b1a30c96c16376f3d945f847f2ffd1b4f15b419e2db

Filesize: 5KB
MD5: c6d4d224e74546ba1faa704edfc953b6
SHA1: 5daa90cf850d8db452200529ee9dc7c24c93b8bf
SHA256: 65cf5d2417e4db11781256c19e5f548304100b48f0dfb17497a6f64d7e96ba42
SHA512: d377050d5cb2a380a9384c72af131b6e54f0b4c79eca86524fa2e21118aaab0c2087a636d1b3595b58774597b5df85990db3351f985e5d6ba911894cfbe9aeec

Filesize: 5KB
MD5: 41eee19a8d08d3dd631dfe0730cbfbdb
SHA1: 29e9beaaa0c4d3887bffbfd3ced153657146725e
SHA256: 3d14d67e9354a49ae501af6f9525b2940e291dc329b1887b63df4d9deb3284ae
SHA512: 604d2dd0126ebd5ac6be719354ee6f082c7873ab6034d11299deff9593c8e2d20588c87dfa3aae23407d847a37fa95095a5c946bbbd39325d873ec6fdf8b59d6

Filesize: 9KB
MD5: d3a3e4152ffd214c988ab1a9d5b3b43b
SHA1: 43c19277c1c066ea68cf4bbd0c223a280a492a08
SHA256: 31e6012b739d100566c4155054dc55157a0e7f7b997adb44d68014fef7611305
SHA512: 59882ee97f4fecc7dc037bbc618c13a396f2df65e53ac8b1ddb230e435563b3f8c3479f2bdcd72aef6379b67cd5d8563adcd619a510829e82d8c92f77740015b

Filesize: 5KB
MD5: e1c7dd26c01b587d1c70dfa0d66dcb79
SHA1: 88f3dadb64e2b0526f5f712a5245b9cc2aa9f8e9
SHA256: 1cf1708f63730573496c391a3e1e7c487fcb3d46525713836c4089235a562f27
SHA512: 2d68cc534f35d2343239b692efc968981f9ad25266b80e5ef9d7ede3590143f6e5a8869c05cfa65e8daacf069fd0c963ad34140c0c136598d72080f2e07f4373

Filesize: 8KB
MD5: 561d15241be2199892b2b840b21684f2
SHA1: fa9c79eac7497b91d20e4bc949878590f9b4079c
SHA256: ef8868426f208d7a799be977215cc03e2fe107085e8c40241fa7780cdebf8914
SHA512: 30c747aa9ac241db6134cdfdf55375f392ca249315c498c95ff0a2b25b2a943d5de83044608ab63086d75ed2f061237aecafc7d84ecfb2712b9f1f092f564621

Filesize: 7KB
MD5: 4377c230a7b9896e71d5f7211c52827c
SHA1: 8e26f401abd24df9853b84a9d295e7e1791b359e
SHA256: ede9e8bb04dadc24ea1a454b14966408b0af9ce7fd03345d18f18f7e2cd443f5
SHA512: 26112719346978e03feaa18139807129274cb91ad4419b749f4ac12373b04c0cf2c00455b95ff62b4b6124d6e65bd817197ab14f45b3dc32594d1aa932872bd4

Filesize: 8KB
MD5: b296c963b2ad99ffe371fbbadae8eb9d
SHA1: 5203cf2909ac25ab16d6bff565b696df262f4f5e
SHA256: 63d0e14824fa8c8111616e8f5b931c19621b9b1a8f8cecb50a0634daf600cc23
SHA512: e4b8cb9b90c464240e09f7e426cf71f7c9aa3e663c5db2dc9ba1d841c290ea5937b70754629cab084557b7b92af82dee01ab36fee76daa55226129389122110f

Filesize: 1KB
MD5: 50a3c461d834a82125794b74ba66a23b
SHA1: 1498291b3cdaeda2bc3cf0583c3d5a2e1b17938d
SHA256: 472270964bdb66188b26cdde61b868d27798be30cce644a568554d95b7b54499
SHA512: 7a8899086d3f755e1d94522c2f15f576b5facbbc99d2ce28843022d6b6e4c1e07cc6c33393ac9c62a3652b21877b1722de86b2a31de5c75ff34e955ef56b2fbc

Filesize: 1KB
MD5: e201708c1999e57b97763f561600ce71
SHA1: 0515a510db4254d814ac6f4d2105ee01538bd044
SHA256: da2bc14c4ed0cb4155b97d09db3907aa056f098f64bc915358d68936874d6dcf
SHA512: db9bbf7ab613ed0daf4c67fdc2dd428da789f5d8a0b2656141a2c08f6e5c9256929525f1b192779afe911e5352e3431560764953d20c54ac1598f3314070f970

Filesize: 1KB
MD5: 8b86e71c852d7556fb22994da8551776
SHA1: 54c5e78107e51b0cc66dc2c022a7c6354b3a9d89
SHA256: 8049202f7e8bb065bdbeefddc41b1e3ec01469ddc5dc91f46b6e92c9dd2d462b
SHA512: c50791c1f292295f8c56d7ebede13b7f8d6026d8c30353b901fb580507765cd731f994c539e2c3068a51880198ba6c9430abf7bf269719fc41af370e8b56b0a6

Filesize: 1KB
MD5: 8f76484deb7732f50368d6107a58f912
SHA1: 39998a57deec77dcf3230665c69a2501d0a92681
SHA256: e48d0b880678842d955975eb4f85235379efcf5d18ee38030ce9c229e32bed12
SHA512: 128d1f2baf3c21bb74b6e12ad5251e2c43b97524aae81fdd4465806884f5565418d1035b1f50fa46ac307fe9d6566eb6cb781301bb3944ab0208c4325877d554

Filesize: 1KB
MD5: 9b6bc9d477e2d6aef2b6dada8616846d
SHA1: e233ce3625655ce955b956b0be6f2bbd66a5490c
SHA256: 007988d369b62694bf87e2ca6864e06358143a5ecc809655499e6f48cc5752c1
SHA512: 6bbc0340f47005cc5cc940f020f238d3e87c797c22b4f56c816d1956e8a7f26ee9f2ce2e01534b4507948e2cc2c7d87e117a97d484c85fb29e4cc6d26e6b76e5

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 4d2ab42f95cd17491f8036fa4b942381
SHA1: b8ad8dcc8378cf59cc531041773d84d17fa2d9d5
SHA256: 98ccb4c21aae8d0bc48bf21b76a6eb4e5ffbe5e38e9fad40e327f1e18aa20a51
SHA512: 24db284c023e73e61537ad67e03b8db6dd19901aba17b9f4e588252f99c6cfdb08c9b00d210605d29438254a10eae80d810e08e9bc45267935367051e691ec43

Filesize: 10KB
MD5: 2018c6269bbe3f38532e7918abdeca13
SHA1: e6359fe7bab5ec961d51004c3b3d6a6dc0b77a93
SHA256: 42965c060777d74509941dd74afcb66562d2b078a624e98654f4db0b9c92cd0b
SHA512: 5f522751edfc0f58fa581abca958f2fb8dac3c9712dcc4f52ecfb406d0424e0883fa530dca63a27939969ee4ac7604a1fa1cc7b99bb3f52bc30dfa9637422934

Filesize: 10KB
MD5: a28a1147d357ca5a144590b3c67edd31
SHA1: 2ee7c5d4e897f507a1a7af16dec82f7aa6e6613d
SHA256: 084a5176ea21ad08af3d46f8d28c9216c8c95192d5724e767a32040efcbd13a4
SHA512: 9f0476343e806502b37e6ae9c910acc5871bc8af3e8d386d96838d519c701a162576faa950ef4e6f89ca3efad6fb430354e7a7af864f7afa773a08c92a4ef8a3

Filesize: 8.4MB
MD5: 6fe73c8cc8c7b5d5817022c53779d547
SHA1: 16a8c5c1bca86b64a7e90823f19af40bfcf1590d
SHA256: dfaca0b7dffb83c75470cd4e018fdfce420f6c2880c84c652ef56b8d9fcf249b
SHA512: 32828ab2fd1f60e6cf1825c5bc710bb3962b684f69d2d47915ff40356a9ee595620ac96a175e9002eb70d153efb019c4d213fbb6a23cdb39d53c2071d22faa18

Filesize: 397B
MD5: eee81886e76dfaea3e6d351cffe50095
SHA1: 1c714fa01fbf556b853014ee59fca4b0adb0c85d
SHA256: db6e0d4e2a9757f05c03d658a07882da2fa95774d0b490c8f65c3c795528bf1f
SHA512: 2f0d13edd0d9fc2284ab5d4baa7a522f8c75124af03c5672f00e96d177c249ded4e7a41fb48ed6313f72b9679da40d57306c2a2fe51a56d66f4bf28216b5dc11