Overview
overview
10Static
static
10Malware-1-...30.exe
windows10-ltsc 2021-x64
10Malware-1-...40.exe
windows10-ltsc 2021-x64
10Malware-1-...32.exe
windows10-ltsc 2021-x64
10Malware-1-.../5.exe
windows10-ltsc 2021-x64
10Malware-1-...91.exe
windows10-ltsc 2021-x64
10Malware-1-...ey.exe
windows10-ltsc 2021-x64
7Malware-1-...ad.exe
windows10-ltsc 2021-x64
3Malware-1-...ti.exe
windows10-ltsc 2021-x64
5Malware-1-...an.bat
windows10-ltsc 2021-x64
7Malware-1-...an.exe
windows10-ltsc 2021-x64
7Malware-1-...ve.bat
windows10-ltsc 2021-x64
7Malware-1-...ve.exe
windows10-ltsc 2021-x64
7Malware-1-...ya.exe
windows10-ltsc 2021-x64
Malware-1-...re.exe
windows10-ltsc 2021-x64
10Malware-1-...ry.exe
windows10-ltsc 2021-x64
10Malware-1-...ck.exe
windows10-ltsc 2021-x64
3Malware-1-...he.exe
windows10-ltsc 2021-x64
10Malware-1-...op.exe
windows10-ltsc 2021-x64
7Malware-1-...rb.exe
windows10-ltsc 2021-x64
10Malware-1-...ue.exe
windows10-ltsc 2021-x64
1Malware-1-...ng.exe
windows10-ltsc 2021-x64
6Malware-1-...kt.bat
windows10-ltsc 2021-x64
7Malware-1-...o3.exe
windows10-ltsc 2021-x64
10Malware-1-...ey.exe
windows10-ltsc 2021-x64
10Malware-1-.../m.exe
windows10-ltsc 2021-x64
Malware-1-...o3.exe
windows10-ltsc 2021-x64
9Malware-1-...32.exe
windows10-ltsc 2021-x64
10Malware-1-...nf.exe
windows10-ltsc 2021-x64
10Malware-1-.../o.exe
windows10-ltsc 2021-x64
3Malware-1-...B8.exe
windows10-ltsc 2021-x64
10Malware-1-...ic.exe
windows10-ltsc 2021-x64
3Malware-1-...in.exe
windows10-ltsc 2021-x64
10Resubmissions
13/02/2025, 01:26
250213-btppra1pcz 1017/01/2025, 20:14
250117-yz7h3s1qfw 1017/01/2025, 20:12
250117-yy9l2sslcr 1017/01/2025, 17:25
250117-vy9p9sxpez 1017/01/2025, 17:21
250117-vw8eesyjfp 1017/01/2025, 14:16
250117-rk9ass1rhk 1017/01/2025, 14:12
250117-rhv1ds1lds 1016/01/2025, 12:52
250116-p4et7a1mez 10Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
17/01/2025, 20:14
Behavioral task
behavioral1
Sample
Malware-1-master/2530.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral2
Sample
Malware-1-master/2887140.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral3
Sample
Malware-1-master/32.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral4
Sample
Malware-1-master/5.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral5
Sample
Malware-1-master/96591.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral6
Sample
Malware-1-master/Amadey.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral7
Sample
Malware-1-master/Download.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral8
Sample
Malware-1-master/Illuminati.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral9
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral10
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral11
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral12
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral13
Sample
Malware-1-master/Petya.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral14
Sample
Malware-1-master/Software.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral15
Sample
Malware-1-master/WannaCry.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral16
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral17
Sample
Malware-1-master/apache.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral18
Sample
Malware-1-master/butterflyondesktop.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral19
Sample
Malware-1-master/crb.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral20
Sample
Malware-1-master/eternalblue.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral21
Sample
Malware-1-master/fear.png.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral22
Sample
Malware-1-master/getr3kt.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral23
Sample
Malware-1-master/iimo3.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral24
Sample
Malware-1-master/jey.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral25
Sample
Malware-1-master/m.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral26
Sample
Malware-1-master/mo3.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral27
Sample
Malware-1-master/mo332.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral28
Sample
Malware-1-master/mysqlconf.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral29
Sample
Malware-1-master/o.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral30
Sample
Malware-1-master/qOA7iZJcoB8.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral31
Sample
Malware-1-master/wintonic.exe
Resource
win10ltsc2021-20250113-en
General
-
Target
Malware-1-master/butterflyondesktop.exe
-
Size
2.8MB
-
MD5
1535aa21451192109b86be9bcc7c4345
-
SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c
-
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
-
SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
SSDEEP
49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 3152 butterflyondesktop.tmp 1620 ButterflyOnDesktop.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop butterflyondesktop.tmp -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\7d1efd53-a636-47ea-9af5-932ca4362c9e.tmp setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250117201640.pma setup.exe File created C:\Program Files (x86)\Butterfly on Desktop\unins000.dat butterflyondesktop.tmp File created C:\Program Files (x86)\Butterfly on Desktop\is-6M9LF.tmp butterflyondesktop.tmp File created C:\Program Files (x86)\Butterfly on Desktop\is-J3A23.tmp butterflyondesktop.tmp File created C:\Program Files (x86)\Butterfly on Desktop\is-L2F4F.tmp butterflyondesktop.tmp File created C:\Program Files (x86)\Butterfly on Desktop\is-D000F.tmp butterflyondesktop.tmp File opened for modification C:\Program Files (x86)\Butterfly on Desktop\unins000.dat butterflyondesktop.tmp -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4980 msedge.exe 4980 msedge.exe 1632 msedge.exe 1632 msedge.exe 4920 identity_helper.exe 4920 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 3152 butterflyondesktop.tmp 1620 ButterflyOnDesktop.exe 1632 msedge.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 1620 ButterflyOnDesktop.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3836 wrote to memory of 3152 3836 butterflyondesktop.exe 82 PID 3836 wrote to memory of 3152 3836 butterflyondesktop.exe 82 PID 3836 wrote to memory of 3152 3836 butterflyondesktop.exe 82 PID 3152 wrote to memory of 1620 3152 butterflyondesktop.tmp 86 PID 3152 wrote to memory of 1620 3152 butterflyondesktop.tmp 86 PID 3152 wrote to memory of 1620 3152 butterflyondesktop.tmp 86 PID 3152 wrote to memory of 1632 3152 butterflyondesktop.tmp 87 PID 3152 wrote to memory of 1632 3152 butterflyondesktop.tmp 87 PID 1632 wrote to memory of 2408 1632 msedge.exe 88 PID 1632 wrote to memory of 2408 1632 msedge.exe 88 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 3728 1632 msedge.exe 89 PID 1632 wrote to memory of 4980 1632 msedge.exe 90 PID 1632 wrote to memory of 4980 1632 msedge.exe 90 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91 PID 1632 wrote to memory of 2100 1632 msedge.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3836 -
C:\Users\Admin\AppData\Local\Temp\is-4UKQV.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-4UKQV.tmp\butterflyondesktop.tmp" /SL5="$401D8,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3152 -
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x104,0x130,0x7ffa3ed046f8,0x7ffa3ed04708,0x7ffa3ed047184⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:24⤵PID:3728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:84⤵PID:2100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:14⤵PID:1704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:14⤵PID:4296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:14⤵PID:2600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:84⤵PID:64
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings4⤵
- Drops file in Program Files directory
PID:2944 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x144,0x254,0x7ff6d06b5460,0x7ff6d06b5470,0x7ff6d06b54805⤵PID:844
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:14⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:14⤵PID:1148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:14⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2224597591129965051,2949298417588043942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:14⤵PID:4124
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2576
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3252
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
152B
MD5501a25f290332c25255eaaf70ee6f240
SHA123cba10495d7098ad6de6936cf31c1b0eefd1246
SHA256420c031363bcb69b4cc540b0afad7180d21b4957a2d6eabe23a40e669aeeebcc
SHA51284ba813e4036be7d9fa08d5fab885421017d008f8fe8d99f56313b54f490c9151a27a67734bb17101691df563efef7e5379250f476e869a848f225786a913081
-
Filesize
152B
MD54c2eb126a03012e4645cbf12fa576adb
SHA1f4fc0dbbe2fca0aab23014eeee6d533aad91b5fb
SHA256ce9774b847a66f7dce4153518d56469986dedfe78acbcca8e97a64d21df5a1ec
SHA51240008285483a37d186c6feaaea96e92f8d665193eb2cd4af0ccd2e77544fa2afedd8aa89b8f09e49e1d6960cbe8543389151d2413c8be408794b70da0eb122e7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
MD5b07c1c79fbd0c3615f528716a6f2896c
SHA1d8c3d943031b3056c4e1e767b6748036d1552308
SHA2564fc0dadcd229233416a2422daf8ef9998a6658ff10197ef6f4ffd4dc5b08e9f2
SHA5121fdf537529e13ebaa822de2a16ed5b7d58979ec262e1c5c37525afdb810d70649e905e074174c86a3ae7aaf4dca4388cad5a878408d57e64143bd41894380765
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize408B
MD57d7e57d201b69d213ca67ea960648f27
SHA1ebf078ae2c06f214044fc7616a6ba274a0ecc531
SHA256976d1a5c649ebf026ebde356c9315f96a92269332e8a170dc051a318b6e83178
SHA512b885d028debc1cd49923d888d3f47a2476cac9578f372e37e5a7a5dfb239f84a8075f8dd714ff246a4e38adb2373bfa10b5b0ae449d3f62f2168a27746aafab9
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
1003B
MD51c507308cc0af6cf24a5e38f9eee5b2a
SHA113bcf840668f9859fe4ff9c9dfe6e3a6cff78e01
SHA256da2a1f6b2042ff72240b1337066ca1284868dd8b1ffd87cec6f909ee72d798bc
SHA51238ef2ab233a9931760f104847891a162b60c5c5a04466ce6a59bc5c499d285f223d19ca36cf8a2f40e084bddfd31cf14ae69686c097515f1e9b656d714c4b015
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe59a01e.TMP
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
6KB
MD5a25a3837a457be5994320f5289f4336d
SHA1e7284e6ecd5bbb2d41c013278eda8b182b9ef0d1
SHA256405fa0740ea7e031245afe465091f9ba40b04b055162b98b89f9104c76417219
SHA5125feee8d5854e11283ebb1fc5f9ca839bb768d9cc74704ad0cff4eb13fd25c88d5427709f596a04f17f1e2bed169c2b5b16a7dc979c94635ca7ec54542fa929ff
-
Filesize
5KB
MD501e617c88264e75154ea0e8d3b22fe23
SHA19f57b5b3e19c022216fcec9acde48b35a528896a
SHA25641c520aedf20766e64ccb21abf07eb980f55835340b97591f6f33ca372248d90
SHA512d138bb707dc65f5663091240b42a8b51c5fc3e83a1bc4cea1e97eaa34ff65de9a1db0e4d14f3793dd71fe8959e68807a2d13331139ccc8f7b68ca2acf0a44f3f
-
Filesize
6KB
MD59f80e90679fe779187ba8dd4f49dafd7
SHA125336af48da62b8266f704007c4180ec357e8d1f
SHA2563083136bd3f89f1706eeb1bfda7aada73c99288e23c63788981e6983cb84400d
SHA5126bedc813629338bbc3f8d07f85be92de92bfbe45a526fbdba764d975e0324ff0ae6e1aca7f22cef2b966d751c4b41043d208f902e4c5b1caad2ee39f11d6fcd8
-
Filesize
24KB
MD5ef30b5850d78b050b13ae82ee13c6b28
SHA125bcd922ab2c62d47c9bfac3fafcca08317ad8e5
SHA256dfd732ede1af0d6dc560b9fbef26f92f9fdf83a72da3e6910cb39843be4fed30
SHA512f9bdbddff6fe99cacf3a670ab5504849668c9049053eca2a4b51f74eb050ea4d60629ce29a571223b1cf293101d646067f9f00e4fb3039738921e1c042419f8e
-
Filesize
24KB
MD594ce4b2ff0abce6d838ac24a1b0f4e73
SHA102f4a956ed4f2e2e0ca9c4b75bf8e7245a1cec88
SHA25606180545891f02875414f56a2a8ca3f21c2f415e03644674cff1c9674cb9b222
SHA512b3bf05777fa4abbd7c475657dea5ca9c00600ab6226843150eff563837c3232c3b513afc0ac5ff1976e35979a51f34710ab74582d1316282bdcb67cc17493c90
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD5b58053cb0a993f3675c6fcf70f4e8491
SHA17edc98933d593b7af5b96d228a2cceced6541600
SHA2562b58c2ab1513dba21a4d502808c84dbcd7fbef005ceff8a276b7cda334465a83
SHA5123fcc06a813544513a67620f35f8452fc490a0d96d9653a0971909af39e2700b480114beda04a17bacbaae2a5980b7d96d951d1ae68b84eae8590c95383a099ae
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD56475d64d07197abbb74fee1342b9303f
SHA1a80f3d8d79fb38279c28820c943cec6b96a4cf50
SHA2562445c1933f0955d1f18fb4a3ae2293e46e5fe0cf452db4087348746413adad5a
SHA512e848c759e070194d208d20539411e7d21bbbdad801af9cf121c05b309b9e2844a6e053fceffa55f5e400cc8d74675e7403dc8c9a0f7486df0190964e7ed6ae03
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD52c2762981293edbfe56e2c8c3d635e63
SHA105461c36b1f16f099d2de03b7db5308a432b5b83
SHA2565c06ccbff39827a2b5d9d1ba89e292ed2c4d5a9942723be8a78abca450574d14
SHA5125194a575a4e50ce76afec138c1d2af637c00e66c1da0f19c08e7512122d6cbd02345a9b4407ed46cca065a9082e507c44535bedd8a3c7c01fab00ff4cd3e4f6e