Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
30/06/2023, 14:51
230630-r8fy6aee6s 430/06/2023, 14:38
230630-rzs75ade32 430/06/2023, 14:32
230630-rwfsmadd99 5Analysis
-
max time kernel
865s -
max time network
856s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
30/06/2023, 14:51
General
-
Target
http://veiligheids-centrum.dynv6.net
Malware Config
Signatures
-
Drops file in Program Files directory 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of FindShellTrayWindow 20 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://veiligheids-centrum.dynv6.net1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5080 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2ce946f8,0x7ffa2ce94708,0x7ffa2ce947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff777875460,0x7ff777875470,0x7ff7778754803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6092 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6908 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15636768535917510429,9502402674049601392,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
717B
MD560fe01df86be2e5331b0cdbe86165686
SHA12a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23
-
Filesize
503B
MD5f51cbbcfabf41c45d03fce98c51d9efa
SHA145a3f1dba7907f4104510e6e076a01580b06eb9c
SHA256f1a04d6bde992fd9b3441001feff609d1d862fef62e71765a475b3fb26844e54
SHA51201993c460ce291c0433c0556d9ef2a6e27e8349dd4fcdfff668f97f294148f127bf64c92c1ae8679fe32c1e3963c43565b90cf868d90f4620efebc843c3e9079
-
Filesize
192B
MD5168afb0adc8ff44b4f8e63cc4a0ddd47
SHA172b540053e0174bb2f91283baa0004ed3b8671e9
SHA256842f6df2bebf203a8470ff914eef01a86762c91047359fa71723cafce806f669
SHA512ee8810feebffa40c29130208c08a5b2f1cce7d42d64a95e082a2a59ac01dd4e5062622487db94e342fe1cdc5d6234cc6bc602f906fff7f53b79bc65707abd61a
-
Filesize
552B
MD55ef949f4fc563eb3fb08ff17273aa87f
SHA122671b5e1ce6ffd0a88e6063983997154ee9f179
SHA256b39ded9e9ba72ddeb3e59e8c59eb5315c2e9380effc2d8912b9cd37887a3f7c9
SHA512e5743a7c61d7921f0781dd098d5fec9b5a56edd06cbd0ae2b6fb9f33ef4a9b6fbb8670c059e5db05f1232b311b5f43d086477f79f156e1848b398040eedb3de1
-
Filesize
152B
MD5cb62f344ad026c624f757eeb452e2ee2
SHA169d135731ecd414f7f7b1ed5a6d4a6e4414dce92
SHA25661cf4c2a79753705e6ecd28867b548115e83cbdb76a5a124849cd094635d2d6a
SHA51250318f97a2fae97f9483d1eb87b4cb8ec3f22f22f21749f375ee3210ad8ad1c3929f8afc60fcaf19d5fc2c4a8420fb0da5787744c589b25f70ff763c6abfcb6d
-
Filesize
152B
MD5ab6c60116611221845298123c757197c
SHA1f90ee239579b1c40697c32ea688390ff9d777362
SHA2566f72e30896b7ac428f722bf30ef27bf005dff5c9df0a210c05d3077a86a67b2f
SHA512481b8743f7835acdc7463638b584be281e4f99d6b457a50d4276b19ccf151373a7fd2287c51efea2c1335a4263694aed330b5c41313f76a9b149171364e28a3f
-
Filesize
6KB
MD59397c35d05e9b623da7fb9d6fa2b9a56
SHA147259d2b15e14a9034ad3cede0aabeba88f25210
SHA256d5c1095b8c5f343c4708583219c3a75505fcb75efa93b69ccb9eaab59a64cc6a
SHA51203c242d2a63f158b83daeff4b53d5cfff1aef120031e9dcd0347616e70c341fc89dbb8539095769e72798261daccf0968e8c8a07e102af4e62a08670da248358
-
Filesize
48B
MD5321759a432d8addcddc83227c342eef2
SHA10131e6f650cb36478cc882c04c9583416ce510ab
SHA25674769dde79c65bb1af3a51a2dd3153ccfe25840fc0b01599d7947e87e8f37c0f
SHA512f14344cfa4fa9724b21708822f342314553f5121e2f6e61f04e5a88d92fbf6f51abe65a762968a944cc16c12b986f1aee6081c41307b48730698bc9ff5c77b07
-
Filesize
600B
MD580072e36a9effe6c43c1ca4829697d47
SHA133b6d388d2faedb3f7523aa86c21f98023803116
SHA256038fdcb5cef35aee4ac9596c9b8bb4d57aecd0071d185ed7bec4f7bf52f1d672
SHA5124d89b9b38268495820c5dc94dd605a46cce925bc1cda29a656700434636cb9f2bb30f629479b2162dc9dc9c9001086c91851bdc10f7ef7848354c57fc6058514
-
Filesize
624B
MD5cc2140f809e2e1a4820d7dda0f2d746b
SHA1bfcafa3b5add9fc05d2330db3ade892c46588935
SHA2563ca5db32bddbfbc59dd5f238b2440ea56ec264b305de5727a7705d1d14f76a71
SHA512320d65b68f9de9bfa10c27e1c331eb79593a3d2001edcb80b0fe799e7638c438399c1376ddcd031830c39c686c8e84d78ac65124bec3c90016e8086ec81c7d88
-
Filesize
624B
MD5a7418553ba588d46d2a31538919d9a40
SHA1362742a73cda9569c6aee8050351f7321d1dc9b1
SHA25651ec96d0f22bb2d64fc3e11ce9d5a97908a935caa12f96837cf927520b44bf5d
SHA512b0ec89a29c73aa80d7c849d909e5f07c6db4ddebcfa6331a48f522f1d9094f5cb721835e33c45c248f7ac52668692d99565bf21f87a66816457cdaa788685365
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
2KB
MD5e379a4a0ca78db76f87c66bef5ede1fe
SHA1bb2931e7b0a0d77ac2d037dfc7141026674e4120
SHA2568880acf79de5fd8ca61b8488ede7cd81915f52579df2d379962397ad7946bd91
SHA51249456c866068de0d878610f1815de6f0a8c6016eb22fb2b0d2a48bb06d454f477da51197dced3bc29056dfe7f54d80dedb6a6a098c3163908e1f3a8e7af745bd
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD522bab9646c28c8aeccf36f4056be48c5
SHA16a85df6af88f76c8f2438954f1f076b6069a273e
SHA256062d1238cb8f919c96cc1e8e55ed0156dd2a5d67c003d093e6011866e73191d3
SHA512206894c15b027581ab8b29c12e73d08f76fa3b552fe9b80a8f36e075499facc316082020606a6a0a3871cfd0b20117e22fbc9033680ea562bbf92cbb030e34a8
-
Filesize
971B
MD5766fd59542e48e395ac3ce113ccb8831
SHA151469561130292f04a782c6e14e0702566eb72c7
SHA256c35e5a202760478eaadab7ae5825df29159a64b926c681f7f242877240ceb454
SHA512dbbe86fd7a266d4560bf4f5cf23e955a1211615dee379642c00cd4a4c33e329837f6297f26451010f25de8e2b14a334ac638888dd25191cbf623afcf69084d31
-
Filesize
4KB
MD5f319de8ece4bc522edc963d822dfd767
SHA13b4ea8bc0e5c5687f662bc37a07d51fbfc0db538
SHA2567eaffe6bfd05199e1b5f4bea69d8930d8d26f21382c26677d2347a031d491160
SHA512e29d3bb50fe4fd6325b8793766aec1d6f9c234d0e6d8789bd8a49c61f65df3dc5d7e63c28e07a06005186b1d2db49079f7f63b04fc9ef07e3af197ef5db31c14
-
Filesize
5KB
MD59b8d1e40fc3e05d78f1e2bd458b9f155
SHA14babbeda6556e6af3f4a25bac7178a70b6de9a11
SHA256531ec5a5548768a8fd21a8d63854a686a5fcb724c74d16f89d4020d6c645c5cd
SHA51266d78f672265c5113d860690bca975deb2de5ddf1a663b6f9d09bd264726f0142477f3a1d500d335e48d36222e479c8dbfa11c93a52cc87440dfce10ee730f4c
-
Filesize
5KB
MD54a65ebfebd8744b339a7b1e32dfea5cc
SHA1b211266e24c173b362d3db79e4089bd8cb55a2b1
SHA256206980a73e504b742d9c981393f45148fe2744d361c3c261ed10226cf7cbb37d
SHA51246e278387ab429967d6235f1dd1706cf20b77df44734110c2a9b2d83fa4a60159de360fa1ad429527ad4dbb6aca3f19cc9dd2abe62af48c9495ed857fe47d379
-
Filesize
6KB
MD5769f9c01db638f2d881b7bac01787d99
SHA1c282ab317e58aca524041211046c6e4246a69f3a
SHA2565fd85360b8fb2899f99a15165ca86955563e78b832678f9c7012786311ebf294
SHA5127de8d26e55bfde7026f6f61050b2a48184cf6fa504bb58a0b883745400bb174dfdd4e17f8babae3a22ddaf4113a60c22f5d1d7ffc88e02debc5c3198b4056684
-
Filesize
6KB
MD50514a44ad4c4e80a3c3977143847e474
SHA1ce9b7aa8d1829c1c36f71cffd303c4527b3afa97
SHA2565d58d66d5f53c0845c75140c1951755bdc522cbb4885ac08cf133bd7d700d33b
SHA51226d4a48fa6217e3e480246cb2831a8eca86daeba2da743445aad73289e9efefb167e33f20659e78b93edd4cac842084d72193649473c566254751a389855f35f
-
Filesize
6KB
MD529174c0929439d334000792277613bc4
SHA1af8a2ff32a00a1a13dc33b354f58baf7742af60e
SHA256b39206059b0800707e37128ddc31cbc8d4c72e86bbbabf172562ccfa4cc50283
SHA5120ff79e97cd635dcd4407a07da011d756f673cebf7835e7956a28939190ae54440d3bbbb9f37411cc29fbf643d728a5d446591c0bad23b0835225f40a0c4b686d
-
Filesize
9KB
MD5bfeaee374c9da0bd637e4dcad3c8603c
SHA1b216b387a7d2dee67346f3db8a32383f08f2e72e
SHA256dd3d58236804f838d214cca400a1ab22bc04c18ea15b1f0d1251cdb3fef30a76
SHA5129a9a0a7efab5b5d4a0a2acd6a6316c5f289c2335da3a4233732b1242bdfaca622d124ee27e1a9c6f0fe1be053307093fa249b39f1325068b10c4ecf4b0f00a7b
-
Filesize
24KB
MD52babd6c48369403ceb0e62762ef724be
SHA12e656183c7dee0ae8ae9b5eb361cd5884f694829
SHA2566e45b5ab488834284f859c30331156076d2429fbbb1c7c6bb8a8f47cec0fd372
SHA512f4bd88b94e4dc547811448df8edbd2851026b33916fc80c8b1558511aa381fe5663c371c8c41e03e2b3171cd5c96c3fa0324f8cf732dcb352cd697cc22864b87
-
Filesize
24KB
MD54350790c5ce221003810409ebaf1ab5e
SHA15b6be3ea1e79b347d2d307ef6e74369cd224fcf2
SHA256718d087bd1fdd3695ecbf02fbf119cd2f281a0e7ab03706b3fc5961d5250779b
SHA512aa8011ac7260c485b7d170d5ee48251eb82e592fdeeff9fef4c90643a48c15a6a8caf7f2dd9c5b39e91bc730e1ab206538a94ec06a06dd87de6b96b6ce0a1ce7
-
Filesize
539B
MD5776fe44bd7ccbc11bba24a26c0648f4b
SHA16b073aaf775db750cae35e2a25c10cde2476520d
SHA256b35e6b8bc070a9d3b8b27e3af16350248b6569638e53710fe4798819f77f5d0f
SHA512719012ff061ac715ee73942a4bdadc6c5cf670e15af84be890f98fffa2b8ff0c597275b11d36111c512ef0c724dc28b373ebf6b56a3705f139b4742b03cd195d
-
Filesize
539B
MD5ada0fd37fedb987d9d80548b6bfa68d1
SHA180663aa27aa11584f4280808c8972fcc64773d8a
SHA256207a5d1d55fc59c5811910108ba5a5f09a0e592a8f6256129d6275b0419a01da
SHA5122c80c3e4465f79278b1175800009d0e765e61482a8dbb1b5c099b2fe9edae380bac265b473b699b5148584767323a735b5d4c55e35663528ade0fcde8aeecaea
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
9KB
MD57e300e4fcaed14462442bbf7c88af13c
SHA1b42202012d3655f598332041c5d68b4f18d0ede9
SHA256814f5dfc0d584a84852d5ae7a3824358d0b52f1cba8f68ea3fff9e8c11afa524
SHA5128e16ce6ba4916b8b4e13e1d656f4ab37b0e1ff5b8561397a965ae6b47012d7333b00b94f1e65bcf83b192dabaac424f6a0a7985811fda6fa8e2389b094a53833
-
Filesize
13KB
MD567c5678f31ff5d2f86c1f84489b17530
SHA1fa8f8812089904288afcf8c4fb9457275b71d27c
SHA2564af4b315e40fdb6e44daca2c67da1f0b5ec577e54a0682737c5931cdd51a51ed
SHA5124368a7c22707d4d40aeb2f7466d8e0e4dbc610702ba08ae0b4fe7a32f092344f4003eca7a11a40bc44140e4f8186e513f49579a3707ae2c161fb4ca1fedaa1af
-
Filesize
13KB
MD58680a8ea77c0a8ac7fcdb7b79b76f0c3
SHA1a25a2fcc56119fe0e216769637810d53386f9920
SHA256678d61756666c8f486d2b0fea3e4b93296d0b6cb6d32e004cdb58cb4231a0c85
SHA51253363df6059ac06b46034e3042ce922baf96e6651cbd761e0ffb23bb4090b77390634b0d992f94b0c0887a99d366633440b698e1a2f66f2162eaaa4adfa6267e
-
Filesize
13KB
MD545b3bb5051bf77facf734744fd0f173e
SHA1d723b601a80e9c5d031eec7ff4011f544bd36c49
SHA256ef8e848f03aaf99ef9cd2732810140a4d8eb4a470b9e1e49d8dd572bf4e6ae24
SHA51243c77e845b79080f24e08f2e771ba683f93711553324ab0b730619507699f8d9f9a83b89a6f9fbf7258f32a11318016e148bb1624da9ea7e747237ffffeda434
-
Filesize
13KB
MD5e2ffee2f5f432ff7d1cd0f9e1ec5cf88
SHA16687b1739a51e256c1aaa0ae18004ae840ab3a11
SHA256022a73b7567916a27818e190df517c5620563e0e925e7844f53e17b412aec7e7
SHA51264a0b5ac6ea984dd437c6d9367f01d8a601d1d674461ca0c499a986b02ca2d7df35b845f256b853748950d6c4e33bfbc8abfb7a5f4398eb212aea3898945dd91
-
Filesize
13KB
MD5ab53cdf201f50e89ae890bef4de4db3a
SHA19254ad5dafc539ef1c9495122850a19ebbf667de
SHA2568ecec0c245e632d995f8548dcdfd310914f5cb88e9d85172ddeb9b3a50af701e
SHA5123945629bcd29358e7239b3fbd786051856ac8b75abd11917e90025c439131c57ce24c84c834ae99083e0308c3c1dbd2a17c195b572f9f9fcb76e7ff8de0a9374
-
Filesize
13KB
MD59efe5fd2ba9dd09ab6a9d21ec08a8d55
SHA1acc9a7590d63f37b6235e209c2252daae9d5805c
SHA25695bd7014a5ca1d7af57dd8e9fe1101704a1942b31c6c6652dd8e31439c9944ba
SHA5123a3027d2b9414eefe9e753bfaeb57606c97b8e8c3a65684053f1ce891b7386a1c8e660bb8c88cb8eabdd15a51012c11a441669304d1e7fffbcbfb19fdc7810bd
-
Filesize
13KB
MD50118a44d2e4fe86a27cd4d2abcb42d5c
SHA1877108b72356577ae3b1b1d009ebb663023f38a2
SHA256aebb8c7882b7c8aafccb6103bc363878ec92967ad716c0aed7ed080d2007a45d
SHA512ef43170445e56d53e03e8da5df5caa96c1c9bdd8f60bcc475b2be035cb76d17a1e7826541133343e51311a602cd1de7ee43bd434efd31a80e68f735c64eb60d3
-
Filesize
13KB
MD528eec756aaf1bbb0fc418143f1931d4e
SHA12b9fd1e2a773b32b2e1f4fbdcbb2fae89b41c17a
SHA25682ced4a5e4b1f37bbdfb898f85fe79bfd28c89aec70a182f7b7cbc1ea9e32cef
SHA512c808ccf50a0b244071799ceb5743e4977e7bf653d3ac32680e036cbe3b1aff149a81d725831fa0ae7b28240b743ddf2a3aa8e809f77da7254d818f4c851d6895
-
Filesize
13KB
MD51ba68742e9e3e1003d3fb060ad73257a
SHA1d5cf58bde29383ce364bf6966bb456a2e44c6cfb
SHA2566069a1f78965d0544ee8b56c0431ca802211507a36b6e77de38e48ee7efbddea
SHA51296a488cd07d03327e2c54b8240f33d94c87ef10c4d01293229f7059bd7161e2b92a30de3643d5be300ea743fa6d41c491b6a2796c83eb5431f854f06a74356c2
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
3KB
MD5c635afc0cf96ee5373711253b3558480
SHA1d1e63ecb8c0f183f210ac0bb41a04d2bf0087d85
SHA256f4df0b7d6e4923d2b572338799631068c495c628350fb26321d2a204679e0dec
SHA512a8f9dc8737a1f7174cde994c9c53e06399529629b8fba649bb29524e93396c61e5727c40c05eb97e9bf8e858899955811506e3430a987314353fb7939cfad68a
-
Filesize
9KB
MD566b262a00e44ab493e8d6eec1838e79d
SHA139cb6db2939c1c72cfd89f7b98b235ca4f29c8aa
SHA2560fee178bb53e5d20cc2f33bc2897712124402823657ce195b7dd465234878f34
SHA5125cb203f06feaef24c19ba7af7db86d85b5156660362761f657a6d2b4c5ed3864e7da743857a8797c90da7c40f0de30f46dc5b97c143a09aac4d4238c2cfcbba2