Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/03/2025, 19:38
250318-ycrjca1kz6 618/03/2025, 19:35
250318-ya273a1kx9 918/03/2025, 19:32
250318-x86gpsw1hs 618/03/2025, 19:31
250318-x8flaaw1gs 318/03/2025, 19:29
250318-x7f6es1kt5 1018/03/2025, 19:25
250318-x5evks1j19 1018/03/2025, 19:16
250318-xyyn4swzdx 818/03/2025, 19:13
250318-xw6a6swzb1 1018/03/2025, 19:04
250318-xreyeswyfv 818/03/2025, 19:00
250318-xntmeawycw 10Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
18/03/2025, 19:04
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
Malware Config
Signatures
-
Downloads MZ/PE file 3 IoCs
-
Executes dropped EXE 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 56 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x274,0x7fff2e86f208,0x7fff2e86f214,0x7fff2e86f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=2448 /prefetch:32⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2420,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3524,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4272,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4292,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5540,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5504,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5504,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6480,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4620,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6604,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6808,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=604,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5616,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5152,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6992,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6284,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=5300,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6700,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,3888174219806126710,10575398621238720021,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD53406d3b708dcef0116bffd8eaa181ad4
SHA13df64b48bff2b9d4160d900e91a7670046a24340
SHA256fde3b41a5711362d7f3df7d71563d5eb6cc679bae7f80f74afcdf81dbc09eafd
SHA512d22d05c221bd19bc3b07e9a5ed722fbf8fbf75d695302fe8ec441d6d1e653bd63b3751a9608b344cc859feb79c5869aaeedd08bf846dc01a522b3a0dbb1637d9
-
Filesize
280B
MD5a46a324553367dc0b13a007305e4f102
SHA1005a700ac0bf4429024f9e857e2281f82f370aed
SHA256a718f2fe90be4422382450b4959840a13d6d18dea09d3da5394624198a126063
SHA512d3b9fcde15be13451aa441070d9143fc53faa6a2725adea7fb9c340bcb9d7ea183dc1b36c0f8ec21c1748c80bc8fa03a14f198c2fc914c9f8e81702bd8e18399
-
Filesize
280B
MD529f13140c50c2394177caf96baf3a5c0
SHA1680e35060382a846752eb208b62de077d31fd1eb
SHA256f4554eb3e1e133edb5f5f01e19539ffc52adc0b346e19c4742a815e7a92b2dcb
SHA512d964d066a2913d3b6eb73925160d7e9d79a94ae5c6e3956cd361b54fe53833b311990a91346917bc90b227301d864939f6a5a417ff52ef9fe8e21971b1a661fc
-
Filesize
5KB
MD56108a226db50f3646729cf2750944d58
SHA1b44ad3d00d32371b5497f4b1d77d7d13fb68825e
SHA256a8311d23be8c59fd50f1642b1fc85c08192a37b6de2203dd3a4b7bf00dd0b56e
SHA512236411b77e1d99b15bb7fbe28ac423f534d3d85c49a1565a7aa8ceb5b9c935a8eb3be7fd35c0a209a6eafeeb14472ffa01dfb196ff5c44e704b7f2b97cb3e70f
-
Filesize
3KB
MD562b1b84eed65cc467103555571e1e486
SHA1a930a9d53db6f26b1394ec9983bbf0495964f027
SHA256f14b769b55b374550d1b9a2e96295e7f86eb9172d4ba0c2b70c1db4a5d953c99
SHA5124f95b584466d77c42a78491bd252753270d75cb9dbbee45f9198781a610596feb7053b13598d9b707986b84a14c389556e22f1f4efd14180e1b3451d01645bfe
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
3KB
MD5b7f2443851f90f241b4329a41acb7c73
SHA1830c519f6c6eb3bae3b98a80a42e747936a2aacc
SHA256b007f345208084c243dad1a72302b990b78fea5e6264a89aa93e2528dbdb3b8d
SHA512f0cadc310b733df1b4f3257a289df71feba87a68fcf9549e1a8577dd73d3e514a7eee7d61711e31f6cc65f2148b4e7041ae089779f9fe42774778ef572a11033
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD5353c244c45745ad4abd515d2fb02798c
SHA1159c5e03f15267d0248b747f456e91d8ed3b77f1
SHA2564439038f0ef6f28b435d33f64d32aba956c7c9762e23cd560f8b504f7bd20e1b
SHA512b95ef51760e1d7328e987e11241f4cc49d7d361d6e09039ff492fd9c9ce73901afdbab9e86d3563fffb657f78f56fcde46015c847d7078efbffa25f0f9b3144d
-
Filesize
15KB
MD51c1601f322e23d530ef3eb363eff18d3
SHA17e242e2df4e37b8332dcc17900a5534e65596dd3
SHA256e702a7bff4fecf80c307ae1bbebb049f254fceb09748b2f191f2c6ffbc3cd52c
SHA512ea8d015ff22b7cc5456d0c7b3097b5808e320b56c9dc4cfeb8bddb957a25cc37a7ae98aca4a9bddc92d684ff1253c8e4f68b5c8a8f24bcbe91b4a6c94f3592ef
-
Filesize
14KB
MD5cc08c7392d4f94a4937f63fcca24f70d
SHA1f50b140cb561ef987c9840619f57b89ac9cbb249
SHA256c427647478946a5c19364d11012e05a43a1b20cea5dd510f595b615292c52b16
SHA5121f6f1ab31930f5140e6dcb30cac622d95d682165c1f80fefc98a8701eb726e705a2de51cf18d3cb624c0efa397246ffc6ca11c996bfbd4f51f9c4a6336c19be1
-
Filesize
36KB
MD5668be70e8b4c8426986ff1e99d7aa015
SHA133969a54a1a463319a757ef8396b0c91229e387f
SHA256ed076ae09554304ecf3b40c7032269ab5aa4ffba2dcc1bf82711c98d6478819c
SHA5127bcba47dc1f147831ed49bcebb7eefd4568b5a0304e9a3ac068b93c49a1b35c165ddaf15c1c74800b5fa622db2aa7eb152afbb7c913eabb6bb162a7485f3c9a5
-
Filesize
1KB
MD56906a2b1273b87c617710612e8419279
SHA184d68f6963cf8fea0bbbb329152796a73e4250c4
SHA256bb7e40e655970adbf3b91733b1d86e75c9ee74b1e6a3b2c433b63ff57ba1d391
SHA5122326a239fb6c507d7dc4e5ebb2496b0683c05cc8a5654a8fb49040d8ee3e051bdc56143723b0a41cdbe4eae49703022aaecaca2bf2b8d22563451b7d8b99f467
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
874B
MD5ec96029083f581dcf7a48d93d317ee59
SHA118477e6c1b45b25895c92d2c7e0af621a5be646c
SHA25625b1fbc8474f3f5518f6bcaf292b36394cc7563a35b13f4be1b1af3803a8a018
SHA51241048bb17f04f8d7a833cffa27dcc8cf8e789eef4069f077d9fcd55c069a55c355e12480d9dc80d8d6d29e5f6c47c5cb78c05a2e9890879dde25c9002e294452
-
Filesize
21KB
MD5c9f7f2933092a33ce91ca07bf888b77a
SHA15ff577083f0df44a4849d60f3d863aa42b7748f6
SHA2569e61b9fbea255d35969229e2c74919a7fbefc28fbe80401e48005096d68f9a70
SHA512bff44ed9f32cca1e2e50cab99557996faa82fc10d1e3a865839fd342e556292ddf2bcf9a03dca5fb538469d75e5816c30fee9ac16f8799460adfbba18be481fc
-
Filesize
465B
MD538cec4cf09e11348a67be5cf720d9e28
SHA1a30896fe01d142a6ea188cff0f7d52dd9dca12be
SHA256e8996b1c9473284b8e5e61e068191567b5710abc4097401a7e35ad58c56b7704
SHA512c278bdf4faf45ff49cf4bdacc90953465c21a38790daafadffb822309b9d32478c1d1dc151cea3a4015aa5b3ce9ba400e0ae0a95cc9eeca33b7ceee9e73993f6
-
Filesize
20KB
MD5622cf13abe8c4ba81acbbe4070f8d70a
SHA129c39577de789602617632a1ee745e5897805fa7
SHA256b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4
SHA51225d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8
-
Filesize
2KB
MD5ee334aba4dd4fb9caec2da190449504a
SHA183d86913e3555e9a83208a777607a621965e9d77
SHA256762156ec3519d73a52878b137bd506781d5ce93e10336f2010ec52ea9ab78536
SHA5125863b59c91b1045cb69c5a8feefc32d579f615c3d1480d13369aff2cdf521e7d991424c4edb61f58b1da763e0bbb98f02cc56b0d9fc01236db2f4acc799b58f9
-
Filesize
30KB
MD5a5ba833310ce846e53c876e7ab2c6eff
SHA134cd71c56d39c17f64bf9db93d04ad8f76d31202
SHA2560831a28cc5c078033b2cf9731517935c2d77d5ad8362b0188faf12f5b247b711
SHA512ac3c053ed9c7dfdf2e95e93ddceee3fa9fdfa550b6c144f8f29a35d134022e1d208d5c6225f19ff72bddcb3a5b07fc28a18cb4c755f2fac2777c1aeb3a3b146c
-
Filesize
39KB
MD53b0fe7183b21545c12ddd04596450dd6
SHA13239e18dbc673f0aa1623453a63363a8b10aab2d
SHA256703378276e9e1f7c919f515a857eddeee4151d634d39cd1c0767b08dba53014f
SHA51254e45f80ca4e1f1f34dfbd6396fede0fc05593142674f88762aa9f27ca910672193de7b5f73b61d95dab712dc93b61088c71754c2755b4672fd35a36bb4a0450
-
Filesize
39KB
MD55b31521c76e931aa3ba45e7ab6729a65
SHA19c618992d7c38804e4d2b082d1950bbf67bd181a
SHA256c1d1490d63d21db91dcb01bf7bd238d57d062068916ce5afa32c78ef8d7e6af0
SHA512a792df3c7ac5fc39430267d72c0ec21368b62f12d693964f2029b543de8d98a31708451c420aee02d47102151cc17f6a96ab1bc8c1ca6bc68ba2f623b571c1e9
-
Filesize
6KB
MD5b5800c5a87f7418f078329c2c892b1c8
SHA14cda8ab321875b916c887f8eda9855429a4486a3
SHA2566ad2e9674491bb2646d210b0c7a09097e4276f1ee71a38ffdb8f6d5f06dcd5b2
SHA51279e6c8af9226a8221b774df003794ea39c657d9c5e885942555bad817f3252eda511dc328b3bb4d19a9277693d85c2977dfba1ada24b40f84455b06ecdfb1f4b
-
Filesize
7KB
MD5bd22b7543ed78539f64b59cdcbfb19ea
SHA1078e51386f9d4af8be1215423dc832e9d7c0312e
SHA256ac8d54ef393e037140c7cfd4293efc9ad1389eccb2e7984449e5266bb619fb39
SHA512bf9cfba7cd94e34b1813ba8223709543bb46f659fac81b475fe56f0d87f7be0af347103ce010fcf14772fa2c307868d1f88433de52e998e9b6118242e34867bb
-
Filesize
392B
MD56e2acdf35a330be52467ed543b1deb90
SHA10a1e2c94fc9357f4df5b9f106655e12521c017a2
SHA2564a27480b1859e80e3cae66fb8024f68555675ff135e5915b748e7d4cb062c9ea
SHA5126334e54ce406c75599ac002fbc26343ea69dd7ea118da9f18623f2df97364015cb549e24e7052a7d42f296b2bcbdbe3de5f7642bdf9e61caee8cf0724d01f756
-
Filesize
392B
MD5545796331b1478c1b1fd8ee4472119a4
SHA1d7ab2edb8e325a9e1cf1def1bc49d6853c2e06c5
SHA256f9358768cc7655ab3f3bf6b0957d4b544315c5e7cfe36cb93b3c67f52c38a0c1
SHA51290e40e34ef482837c1e6dd82845d829a31e159876a22c1412aeb420713bbb41cc69aa57f16a0e05efad1017768396919a6710f187fca85967bcd0aa0dbb3b33a
-
Filesize
392B
MD5881a6ebcb904d7445a0fc49f869a532f
SHA1a07e8e7305c8ee4fa31b05d3734c21fe36b6d97f
SHA256879e778e9c4415edab0a8833a124e7974ba6082615f85f7f2dbdf3e9026c4a51
SHA512792884579f524d9e825bf74f2ba8595f6af254d0c76a35220b2703c46c3013aa5a5b8913dcea80e76a3aeb0ec0d8adb342402030a098ef47bc59628994f25220
-
Filesize
392B
MD518c5b1f98d6edb921ca99fb5e04e11e4
SHA1b479bbce43d2881e6e303c2a01e9c7a6ea329ef1
SHA2565714a476a76d0457654c0117ed01166938c2735c29f77433f5773578a5059bb7
SHA51223b25551f63bfa3ce35ef280590a122aefd1c665818b54e14812a424a216f63b5b50d4e8f4120a2b5074185a3a079dc9e2694859d8802d7812a7cd07e75c1d7c
-
Filesize
2KB
MD5771fd5aa89d0abf0550fa3b4b16c3a99
SHA17df3c659def2c24469d1e0bf98d8629bdc009231
SHA2569fa86ed5fb72aa1f9008918fd952cac4e4f6a93dbacbd4069e3e6d6de086577c
SHA5128223f3f048bf7024c366ef4dbe3c3a2c4d448e9e1f35937f199882c9323b75fa5f118dfb3793b30ad9e07725cb625204b8950f97f087e638f491c645b771b68d
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
125KB
MD5ea534626d73f9eb0e134de9885054892
SHA1ab03e674b407aecf29c907b39717dec004843b13
SHA256322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c
SHA512c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851
-
Filesize
2KB
MD5a56d479405b23976f162f3a4a74e48aa
SHA1f4f433b3f56315e1d469148bdfd835469526262f
SHA25617d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
-
Filesize
32KB
MD5eb9324121994e5e41f1738b5af8944b1
SHA1aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA2562f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA5127f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2