Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
766s -
max time network
767s -
platform
windows11-21h2_x64 -
resource
win11-20250207-en -
resource tags
-
submitted
08/02/2025, 11:55
Errors
General
-
Target
https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 1 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 8 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 28 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 24 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb047e3cb8,0x7ffb047e3cc8,0x7ffb047e3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7350516077171578057,11328591884548066141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6280 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzlDQUE3QTctODlBQS00NDhFLTkwM0YtQkZCOTM4NUU0MzhBfSIgdXNlcmlkPSJ7NzM1RjI0RkQtMTJGMC00NjU3LTlDODgtM0M2RTA3QTBBMTYxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NUU5OEQ5MzYtNjhGQS00MTE1LUFBN0MtQzEwMkNCMDgzMjU4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczODk1NzQxMiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDMwMDQxNTY3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwNDc4MDc2ODUiLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\MicrosoftEdge_X64_132.0.2957.140.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable1⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff78640a818,0x7ff78640a824,0x7ff78640a8303⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{06F2F99C-6FAA-443E-B70D-3E8E52BC59C9}\EDGEMITMP_DFB40.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff78640a818,0x7ff78640a824,0x7ff78640a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7527fa818,0x7ff7527fa824,0x7ff7527fa8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7527fa818,0x7ff7527fa824,0x7ff7527fa8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzlDQUE3QTctODlBQS00NDhFLTkwM0YtQkZCOTM4NUU0MzhBfSIgdXNlcmlkPSJ7NzM1RjI0RkQtMTJGMC00NjU3LTlDODgtM0M2RTA3QTBBMTYxfSIgaW5zdGFsbHNvdXJjZT0iY29yZSIgcmVxdWVzdGlkPSJ7MjEzMzREOEItNjI0Qi00OTc5LThCNDYtQkU0RTFGQUUyODFFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS40MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuNDEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMSIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MTJCQ0IyMkQtQzkyNS00Qjk4LTk0NTgtMjE5OUM4M0YzQzRCfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MzQ4OTQxNTk2MDc1MzAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNDExODEwNjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE0MTE4MTA2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTcyMzk2MTI1NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA3NDAwMzZhLTRlMTgtNDU2ZC05NmZhLWQxZDljNGNhNDY3Nj9QMT0xNzM5NjIwNjU4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWh0ajBuWGExazV0eDg4d01hWjFkbElIZ3pPSE9iNGNXVkQwZEFKa3d6eXFkSnZIdHFreVBKcVlUU2VwVlBhZ29EaldUTW1lanhFS0puMVJ1SU9Jc3BBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTcyNDExNzU1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDc0MDAzNmEtNGUxOC00NTZkLTk2ZmEtZDFkOWM0Y2E0Njc2P1AxPTE3Mzk2MjA2NTgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aHRqMG5YYTFrNXR4ODh3TWFaMWRsSUhnek9IT2I0Y1dWRDBkQUprd3p5cWRKdkh0cWt5UEpxWVRTZXBWUGFnb0RqV1RNbWVqeEVLSm4xUnVJT0lzcEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzcxODAyMTYiIHRvdGFsPSIxNzcxODAyMTYiIGRvd25sb2FkX3RpbWVfbXM9IjUxMTY1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3MjQxMTc1NTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTczODAyNDExNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI3Njk0ODY3MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE0MjIiIGRvd25sb2FkX3RpbWVfbXM9IjU4Mjc4IiBkb3dubG9hZGVkPSIxNzcxODAyMTYiIHRvdGFsPSIxNzcxODAyMTYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjUzODkzIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxIiByPSIxIiBhZD0iNjYxMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7QUEyNjY1MUYtNTNDQi00MDVGLUE1Q0UtNERERkQ1NzlGMjc4fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMDciIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9InsyOTUzRTI2Ny1FQkI3LTRENDgtQjIzNy1CMTQxODYxOEI1NUV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD5b4c8ad75087b8634d4f04dc6f92da9aa
SHA17efaa2472521c79d58c4ef18a258cc573704fb5d
SHA256522a25568bb503cf8b44807661f31f0921dee91d37691bf399868733205690bf
SHA5125094505b33a848badcffd6b3b93aad9ad73f391e201dee052376c4f8573ba351f0b8c102131216088ffb38d0ed7b5fe70ba95c3ac2c33a50c993584fe7c435e3
-
Filesize
356KB
MD51b8db090e62ff3de9a56adb6aa63dcd7
SHA18a9726dd0f2a21f327a932d451887315982d15b6
SHA256409ff8355d1a2cef819d309e063d05426a4c5cd1c2d467a113588a69c2977c79
SHA512b440de876b80004737c6d539e3e527ce12d2d07d4c4579bf00f6362d91b0162c19b2c131124ed511039c8bae006f9349c5fad546a15c6dcba1dfcf133e6c3362
-
Filesize
152B
MD5066befaf57a1c901c7c885b1996d027f
SHA125913cbfb3aadb0c7e28307f4d622296241fb1d4
SHA256c3d2a6b2ef9f2bf15c227ea6008aba027c9b042ad63b2f243972df4cc86f3e6f
SHA5126ebc8096cad307863ca43dff3cb3ddd3dc2acd701bceefc7eca6411efa1b7a1fbafbe856ed9aede6dbb8a145887ded344b013d3e20d6950749f5f1d3ac126c6e
-
Filesize
152B
MD54ad7e2823ed71b5f41dbe2e9db624220
SHA1e3b873970c0af4dfda35b103b11966c64f71afb8
SHA2569a6b7133374433f1ac7479b4d275efd79962d44e8c3f02d00e91712c7cf33a84
SHA512aee44a4b77189040c7a62ec6135dd761b983a266414c19f681ecba19812f5a863310d1bfee4041b1537b0098ec455931569e80bc5e2e8b1f075e294d3e445c62
-
Filesize
456B
MD5a3a1428f1433a7b1c31436a982f1ed01
SHA1ec49d69752ccfa3a6668aef6b2df8eb868f5aded
SHA25648e89ee12eeda4c3818289d871b1672cf61a61c2aef9fef05ea435daca787517
SHA512d6529bc3956403886ec2f3e1c315ee68de431d52c888c6bb49562047c1f14274b09e2c8dd4900af4897e61383b36a414b50823527cc0b907b265b8a72fe44124
-
Filesize
3KB
MD5f1a3cae79337b62983077126e398c7d7
SHA14bcc397385549df1a37019379f42cbe0a012df7a
SHA2564ad0b566349f08f8a721174435a986a386af9da1f7ce581aedb47edda6791e2e
SHA5126fb2362562b6412a4d02e1e9275e889fd8dd026ca18e85b615b34fddedd2072346e8c6ef920e3ce400c8608b9f055ffab042a721970a9456a2aa1d070ece8ef0
-
Filesize
3KB
MD55f188f2fd9576f44535b28899488b487
SHA1d055eaa5e0413d9756bf27a6a63014b7c222fba8
SHA25607e737e0210f312ae9f820e5b26c05aadaad6cfb7a5ebc4b90b20fc98ed6f8c0
SHA51220f45db82bd719c7da3aad83452f755857c7dd5aefb7041adeb0514eae4153fd7a8f52232610aae49bd903c609e9e130c4854e240e5bedfba171911369583cd1
-
Filesize
3KB
MD5342c5a65394e68fb5b9fda3216c23854
SHA1184a13e261e5fa4f5d4c558acedac74de2f6a1a0
SHA256ae48077a35aadb820b88237863ec7c46cde55bcb70533dcd9d58d6d166a58e56
SHA512fcf45bc7f594c4d7eab2b9b7d4ff27be8b9a5f7fc0b09b2899429fca4393ae3baa9ce4ed6b9ef6a2961e423e1d68aca8683ce5a204405c5be643dc25f71cbd0a
-
Filesize
3KB
MD555a6d1c31fc955984701145aaac1ea06
SHA12996e00569299bfb5330c1d315aaec020eba6cca
SHA256baa8f6ad6fa9bd37127c00b650fb6083ef97723d64569d25c99fa28f5ae27b95
SHA5127797096241834a0576953ff55a66c9226f783fb815b69d82b6e3c8a21684232735854d8bc0f56b6f3f4dcc870585cb32ff479e3462c3dabf04d15d57ebb88dad
-
Filesize
3KB
MD5647ac4d8f95146b397dff27ae1fbc105
SHA1002e61c03b7ad4181161e70455d0dc9afe879e4b
SHA2561bfbd0e04a3ea3f970ca20b86da27ba92f2cffb1da46bceff08912ac94105b4a
SHA51203f4474e3a6a200314be000a97b5958521f4f406781a9ee92a87a022571f0e33f1c12dd7c396c983bfc20ca2544dcd746c21071b9fa2a221eb0cb10525f278c4
-
Filesize
3KB
MD5341bae3efbc5c39433edd7be0a11ef52
SHA1098384a5344acbc5b270beadb3046dbd84c427f6
SHA256ea8994f0ecaf2e94a0388eac4ed2e96d9eeecfd7db3089feddde34b2f6a5063a
SHA5125da20fbe253e39c19eb3075ec14e56cf4294c55624a0c5cd4cc2bfdb9a61d1c1c63691f629599d7a24c7f85326fd224f29c2f37ebed3b82c997812e123e70a5d
-
Filesize
3KB
MD573f1474f07166d5bfe18e25962a1a3e1
SHA119d71bc93469710d4c069c87e3703c9c9cdfea95
SHA256bedc0dda42dafd204da9fab5ebeae57603c6d96d3dbb51f26ef4189ce990f66b
SHA51209b72a2d0506d6f15cc8b7a088fc4eed81a7798d8779afe9c792c542dc7548680f8bcdc2e96bc0fedf4659030d64621858a84a7e44f9bb5be2e5ddc99c0ce98d
-
Filesize
3KB
MD5086a146628d9fac4358e4be495b2f8be
SHA13be501d75a42a5ecf8ae69f53e6f979a3980c1e9
SHA256eea6b4525bec3c17a58b4826c1d6072bee779eb863cfd6d986810c87561a1cbd
SHA5122a3e241ad75b960af1c9b45b21e543b6423d96de71745eab97b5b390208fefc473ebefb32de3444802da11d3a01785113a1e0d5d3a980daad9e3d714cea78d38
-
Filesize
3KB
MD57f42b830426225a625a291b58994650e
SHA164d97564501233b8bcfae4b56f815c478d97f74e
SHA256ea6289138c3da61b96332ce76d7e2339ddf9ccac4f0cf649cecc4afceebe77de
SHA512cc1160b3c3c79d2395ddde8bdb09c841d48ef0df8fbdc05042db7b1c4a4184766f6862bed720d64fa756a2ebc9438e549f6316853a76a1576f093dfccaadf9e2
-
Filesize
6KB
MD5077d2b3051ac09602dfe6bef1f83748f
SHA1b470537e2df08b006218fc050abe2f70473a4fef
SHA256c0ca36fda66f66852dd4e7ca5e133e1ca09f1b47d6a99b6b9cae7753e92e22a4
SHA512d863185d57c69e412ac1402ab0ddf43aca7c9263d2fc6cd46de716bc0ccd1d4f1399c2ec3661a846be80413241547d28cdb7f0e61024f550d69055bb20a9734c
-
Filesize
5KB
MD54c2a569ef0d413df2f627dcd6cd97874
SHA16549b009fb4d9e869326dbbaac0b4529dda4dc6e
SHA2569748148cacfe6eb09357cac08b9448576541126e8ee02db8d3ddbec1232f7561
SHA512ced3b37534ea7919b65a8849e7dd8947a6067a278d2b7fd9858bc34d6b34bbe5e6667e9b27f8a40586e109467e46cf89fd8c15681cf8c04ef0e29746d14881d3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD528d9419cd014f8dd6b30a94fa25950b1
SHA19fcab4d1ac3fbd9e9dfe5899328a9471b7379d22
SHA256422dfd59f54ce85e4c119c72c4f3fe08d0fe4462db4b07545a6251ef424d4fac
SHA5124e157c1315facc3f8cb6621942821becbdd80c1b4920aa5fa476f906a7c31d619488305d3565ede46f95b2dd6f53975a3cba8537eccb8d910b03a62fe4a6e515
-
Filesize
11KB
MD530eea8bc6a2500c5e43a80991e14e2b0
SHA19098419d47d07b07e09a7719a678c2ae35fcc177
SHA256bf7ecdc758f5097ee08ca99ddefec745786c02fd02a5045f82ec13af7f7f75c0
SHA5121e1f9da3433c8dc1cec4aa123247da13dd327d07fb354aaaeafbc01a2f9a1ca0f7ac0c5c2dfb1f9133152dbe02264e2bbb49616e5dfc9f50a11271aa9217d167
-
Filesize
71KB
MD5867ae1d5d3bcd3a0c637afbfa39b3a05
SHA122e24aa08670d1cc5bcc9094695070a319b0b5c1
SHA256319609933effdc256ac8587ad173df55ce4bdc5fbc69772292d46905de4e24ec
SHA51239cdc9cde23ba4288c719abc9b81766eeea4b72af06a11b31d66b5abc3eb2f20b02f79df3ade853c2c71ea608e0e86233c74bb54004420ee8496f7d50914af78
-
Filesize
101KB
MD5f5636dece81968376c086c231e2b739a
SHA1072dcd0b37f9bef6dc26d682dd782512680cc8e2
SHA25683a2eed75df3b77d9be8a2434b827d122d953bb3a11363d44576374a1eb64a95
SHA5123d4eab2cb19af19a3e601bc4b893e2343f241bee2c55553f761f3a266fbcceb71bfb653cd41fab6b929286b9eb1d4e59ba0b153199dcacb24252b7932fe14c1f