Analysis
max time kernel: 124s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/08/2023, 16:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.theprintershops.com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE
Resource: win10v2004-20230703-en
General
Target: https://www.theprintershops.com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE
Malware Config
Signatures
Modifies registry class (1 IoC)
description   ioc   Process
Key created   \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3011986978-2180659500-3669311805-1000\{3430DA89-E681-496E-8B36-EF29AE3F0FAC}   msedge.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid    Process
4140   msedge.exe
4140   msedge.exe
2316   msedge.exe
2316   msedge.exe
312    identity_helper.exe
312    identity_helper.exe
1312   msedge.exe
1312   msedge.exe
2204   msedge.exe
2204   msedge.exe
2204   msedge.exe
2204   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
pid    Process
2316   msedge.exe   (all 25 rows of the original table are this same entry)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                         pid    Process
Token: 33                           2100   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   2100   AUDIODG.EXE
Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
2316   msedge.exe   (all 25 rows of the original table are this same entry)
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
2316   msedge.exe   (all 24 rows of the original table are this same entry)
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target
PID 2316 wrote to memory of 3464   2316   msedge.exe   81
PID 2316 wrote to memory of 4824   2316   msedge.exe   84
PID 2316 wrote to memory of 4140   2316   msedge.exe   82
PID 2316 wrote to memory of 4480   2316   msedge.exe   83
(the 64 rows of the original table are repeats of these four entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2316)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.theprintershops.com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3e146f8,0x7ffae3e14708,0x7ffae3e14718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4824)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3796)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3260)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5740 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3384)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 312)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1484)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1312)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3476)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4864)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2592)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4772)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3852)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2808)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2204)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 1060)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 1896)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE (PID 2100)
  C:\Windows\system32\AUDIODG.EXE 0x4f4 0x2c8
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads