Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
18/07/2023, 08:20
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://i.postimg.cc/pTdDzVKc/Post-Luxembourg-logo-svg.png
Resource
win10v2004-20230703-en
General
-
Target
https://i.postimg.cc/pTdDzVKc/Post-Luxembourg-logo-svg.png
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 8 msedge.exe 8 msedge.exe 3448 msedge.exe 3448 msedge.exe 5628 identity_helper.exe 5628 identity_helper.exe 6792 msedge.exe 6792 msedge.exe 6792 msedge.exe 6792 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
pid Process 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe 3448 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3448 wrote to memory of 3776 3448 msedge.exe 74 PID 3448 wrote to memory of 3776 3448 msedge.exe 74 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 1848 3448 msedge.exe 83 PID 3448 wrote to memory of 8 3448 msedge.exe 85 PID 3448 wrote to memory of 8 3448 msedge.exe 85 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84 PID 3448 wrote to memory of 1436 3448 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://i.postimg.cc/pTdDzVKc/Post-Luxembourg-logo-svg.png1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1d4346f8,0x7ffd1d434708,0x7ffd1d4347182⤵PID:3776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:22⤵PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵PID:1436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:12⤵PID:1724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵PID:4224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵PID:3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵PID:2952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵PID:3712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:12⤵PID:3816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵PID:5212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵PID:5220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:12⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:12⤵PID:5572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:12⤵PID:5580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8164 /prefetch:82⤵PID:5612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8164 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:12⤵PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:5908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵PID:5900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:5892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵PID:5884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:12⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:12⤵PID:4244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:12⤵PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:12⤵PID:5536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:12⤵PID:6288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:12⤵PID:6296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:12⤵PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:12⤵PID:6448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:12⤵PID:6468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:12⤵PID:568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1243633238131940718,16551778259038672696,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7392 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6792
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3148
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2636
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a7ad9bb1054aa03e39b3554833d0c3ec
SHA1cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9
SHA2560c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189
SHA512d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276
-
Filesize
25KB
MD5f99968cb9c94ba58bdbfd6a6c925273a
SHA1d235c81cda42410fa69881e607b7728e2c9ffa88
SHA2569af0545a428ab002398447799fb1981cb1d6d599e0270c32c3b1076742233762
SHA512360879bdf1685d94ce674d3492788f92f2bed90bf3db38a181e7487e3ce627d4dc4535b623015a17ab27a5c06042c2897eaf80b94a62af9c0c854ab058f30350
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize384B
MD521b4274f66695174cf86a931a08e4f41
SHA172c54f09b843716428f36ba254f1ee1662aa677c
SHA256bd05956b1c0cf93c4db5979e721c1778ebe4517d8a2008348a10309266dc649b
SHA512fb87d30c3bed11760405281e9cd3dc5e215516fc32ea3f953b7a94f04bc957cafcfe0aed7c39d8ea16d7de4e5b19ea78a674f7a5b432df1b5ed99cdb14fac34f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize360B
MD59f2a4657aeee59ec1bf48be060a95957
SHA1e43d2bdd8953d5d454b1bdde61160a2581aa80d6
SHA256b116a75953860c9e9a2876d71dcbcb3c744dcc84b40a9fe15cbc1f693ca87bec
SHA512d02c7f8c747a1ae30c2dd0dc40bc71123de38f481559588dc2c35858c5eece5f1a6615fb02bb5b432de28f2cbc0eb2d119753c4ac5b48b76ffd5cd0fb0e50c6c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize384B
MD5219e80888ef7562b052b69ac1e9fa351
SHA176a6eea9e8d20ed53585961d30419c703f56eb04
SHA2564c5422095c94940bcaa099aab45ca6c8f1f723e609c6ebeef2023d9644a885f6
SHA51298c5cddc1a8b15267e654466f67af560664b0a643912ecf78f6afd354144bacfc06b16a73e3321eacc166e11fb2e2db92f5f93e7aa6f5dc8b9d2e19f8c56f7a8
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5e4e69b837f6f0a624f783d1adf830881
SHA1a8e190062a1d3866f8882f5bfdf15b9c965bcf21
SHA256b6acdbc7081cbf1c7fbad76e9241dc41bca2a46b775bda94df99aa97317cde6b
SHA51232ac61a1fda3899e3874f051261f1ca42f1194e433e4d45c78357494650c242f2ac5c061c59726d26523486b83abb1b2cf6e498e956019ea796eaeb552ed8002
-
Filesize
6KB
MD550cc26b3d3249d9399ae1d929f90b90b
SHA17eff789f64f2e9ca1cde25b0c655453cc0e659b3
SHA25618f0fac7df9f3bd939740447642c72ebe269384937e68b534c0ff9ba1006adf5
SHA51227fcea49f9d615d01cad57595f81a5d135d3b435991bde5b5eb5a3d9328d383f5c6538b65bf431e41696daafec6207a73da781f4319009c599b1dadf98d648dc
-
Filesize
10KB
MD534c14b0329bbd95d00dc332ff2a9621f
SHA193282992b8f7fca964fb0538cf9665f8ad4f920c
SHA25626eb8bc936a0f3554b0008556e26949590337e0fb641767dd2d624a7fea8940c
SHA5125fa9420103fcfd23e1b3f65cc695c702c288451ac843e4f67a4590f62b9a562e6dc493a0dc630de0dc6239f391c328252622f089bbdf04b522cda2aa52e199da
-
Filesize
5KB
MD572564f6953c8382208fb82239dc07735
SHA1372036385933f42110dfc76e331fabbefa9fabf6
SHA2561b439bc7b434c8268ccc08d547a9fac04920400344c29c142ab4d4c616391e1d
SHA5124f8ac60b6450a0f152d329583ecf217d2bf43e7da8fe4cf8bc9fa13933b1127e4cfb8eeb9e9dfb8c95b56dac4f42b867b4b079df0c4c27f3b3c8da34e9ff2d91
-
Filesize
24KB
MD5e62cc4051e1f8eaa0abda5d730a2496b
SHA1d15346e40b196bc313cbfe5ac96b3c90b83345be
SHA256ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb
SHA5123e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22
-
Filesize
2KB
MD5258b435374faee854ce69ff9aa54ccb7
SHA1bc148fbcbfd0ac937974c82fcea129408aef02a4
SHA25646b6f8ef5b2e806de793dd030872b410031a3a69292cf5ceceb27eabc5dff1ae
SHA512c019b84a3404c02c0e9da3a2d09abfac688a7629798aaf5e2d2879e1932f1fe7e17cf00af786f5acf891bd42521ca0db268ec074683ab09f066eaf9e117001fa
-
Filesize
2KB
MD53a05e9051038de6756589b909f0d2ea0
SHA16bb5fdfa68254d596c3d19db9c889cdb2b2f03a0
SHA25699cdc84d68b77c95a01cca0b6749699c39f1484661bf1b16acd68591326a3aef
SHA5122d239708cfe1b9a075f3ad800b96470fec47c09447fc38e1d3c5bf525089f49cf69b834ae5a0c2f44705611433cb32f4d4c1683ad13a03743c6007cb05c711ec
-
Filesize
2KB
MD5e8466d37eb15c7f5a1a6d516eb932564
SHA13f2c9e6ed6a24385d5e79582270afe6826b51c05
SHA256a5dc063eb4cbce315faf9a1361e791a79bbd33a21f57883877d861e74882a9c4
SHA5125bae235de11732f811e6e484ef13c46aca7ce7d5cd835511528f0e22b0ff41b3f3226c6888c465fda44e7e7bbdba5ddc9f83fb0f36a2b49d725e7d5a4f4119dc
-
Filesize
2KB
MD5674476adb86dc1515c29bd3f29368443
SHA1f912fd4d035e9f98e8890833b4b2ecd36a33d4d3
SHA256cfce699475dc967603d8bc5ae382bd96f71960bf372493f50a435f48d8ea9c0f
SHA5128c698686d2d21087a029071b6eb790e56f239d6c5dcb3c36658f892e6e1dfac940b858385ce52342e31c3079360c0a5e69e6974c852c2cd5003cb6b15bc07598
-
Filesize
2KB
MD56d780bfd4a4b67f49fafa3dc61fa0849
SHA1ec012624c38047144326d4d54e304bab2c916144
SHA256273db5ec5c22ed4a796bda533d892a4f466abc8b3e9e3a2bcde4a82085efc24b
SHA51211eb2a50b51e5747bb5136119f0183bb2aeef0f9e5c05a0114be88df72de0b79cd005190392fc9507876548609ccff5342643f8317e2002cd6ccd80e510d1e03
-
Filesize
2KB
MD51b83310e5c600b947b9fb5815bd925bf
SHA1de3f932259799681cb1c5c8ec1651cbecca1471b
SHA2566d344ea00f4217001680548e74070df4bcaa7e85506a0423b8836af61ab11b7f
SHA512f136c861fb834bb817ebb9064b8d44d8c5d08c6f0cce19c847b9c9d676ebf0209921635feeccfb2298320fb62ad9eb3cde3497e96cd2931fdaf271bb41d6e98a
-
Filesize
2KB
MD59681dde5096a8c78de68e2dd6c927f99
SHA1b680f0592eeabdea2748204e260080117c2bc6eb
SHA256021c769acdea6f28f7a1555d31ac585f633bd008bab9211cbd3f8f3e7ee4c407
SHA512d355ee4b639eba4f1e1f7a750efac81503391a30a50a721badd7208b424358d7ea8cf3b7510086bb796215833541c4be3dcc16fe151c7c9851e3a0bfaca2dea9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5f148aecac2435f3d663a0fe15ef84f14
SHA1a48827f93dbad8ff45caf367b144c972f48acb19
SHA25640b680c31bccdb486dfbbbfc34f64894a0571fbae36a1c66ff45d2fad5fa1239
SHA51259059eac6595053fe2ec1c10d7eb74d02cb93752db8f66c55e76750aa45159c12ee02be4b25d8de50e96a0e1bc85d97941f00da5c778f48d555e1df1ca643327
-
Filesize
12KB
MD5668fc9773ff47be49968c0661e1e9c43
SHA182153230d88da5aeb4523a6745b11fc4f50ee384
SHA256ec4a15331fd39035fcea91554cc6664991be15b84a697c2df86aca371b215e74
SHA5125a7c89479b9dcdf9da38c28da3ddf48f4edec10eed646203baf160e2adb961bd3af757a650837266bd671b87eeae2116c3b5dd1d0d846649720414a0afef56d2