Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://tria.ge/term...

windows10-2004-x64

6

Resubmissions

27/11/2023, 17:27

231127-v1lffsba2z 1

29/08/2023, 16:34

230829-t3d9gsdg77 1

29/08/2023, 16:31

230829-t1lksadg62 6

24/05/2023, 12:55

230524-p58hwsce64 1

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tria.ge/terms#offences

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/terms#offences
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4e7e46f8,0x7ffd4e7e4708,0x7ffd4e7e4718
      2⤵
        PID:2632
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4520
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:3300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
          2⤵
            PID:3212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:2504
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:4648
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                2⤵
                  PID:4436
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
                  2⤵
                    PID:2784
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:428
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
                    2⤵
                      PID:3060
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                      2⤵
                        PID:2552
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                        2⤵
                          PID:4708
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                          2⤵
                            PID:516
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
                            2⤵
                              PID:3248
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
                              2⤵
                                PID:4988
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                2⤵
                                  PID:4956
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
                                  2⤵
                                    PID:3688
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                                    2⤵
                                      PID:1788
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5568 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4796
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2372 /prefetch:8
                                      2⤵
                                        PID:2720
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                                        2⤵
                                          PID:5080
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                          2⤵
                                            PID:5068
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                            2⤵
                                              PID:3196
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                                              2⤵
                                                PID:1572
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                                                2⤵
                                                  PID:676
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                                                  2⤵
                                                    PID:4160
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                                    2⤵
                                                      PID:4028
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
                                                      2⤵
                                                        PID:4112
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                                                        2⤵
                                                          PID:1528
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                                                          2⤵
                                                            PID:4608
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
                                                            2⤵
                                                              PID:4076
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                                              2⤵
                                                                PID:4232
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
                                                                2⤵
                                                                  PID:3492
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
                                                                  2⤵
                                                                    PID:3792
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
                                                                    2⤵
                                                                      PID:5144
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
                                                                      2⤵
                                                                        PID:808
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
                                                                        2⤵
                                                                          PID:5388
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
                                                                          2⤵
                                                                            PID:5548
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
                                                                            2⤵
                                                                              PID:5800
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
                                                                              2⤵
                                                                                PID:5948
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                                                                                2⤵
                                                                                  PID:5988
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6016
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,3241737765405193375,10379417156398446234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
                                                                                    2⤵
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5212
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3564
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:4024

                                                                                    Network

                                                                                    MITRE ATT&CK Matrix

                                                                                    Replay Monitor

                                                                                    Loading Replay Monitor...

                                                                                    Downloads

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      3423d7e71b832850019e032730997f69

                                                                                      SHA1

                                                                                      bbc91ba3960fb8f7f2d5a190e6585010675d9061

                                                                                      SHA256

                                                                                      53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

                                                                                      SHA512

                                                                                      03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
                                                                                      Filesize

                                                                                      56KB

                                                                                      MD5

                                                                                      da42fe3f930dd74503e4ad64f189a94e

                                                                                      SHA1

                                                                                      4769c4ba7d418401fb36a2a8b4f08a6a90e7336b

                                                                                      SHA256

                                                                                      d4b300b79a3e1ef81f249ff8d21144a70ca4436bf34755be82b32e22c2bb69f2

                                                                                      SHA512

                                                                                      f21d05873612d7cd158b48f83c040e368e18cb139fa201e81378e4cde49ba92ff739eabaa1ae99b5a42c65ae10ba41131f9314c2190980e2f51f4bed28ef7bc6

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      264B

                                                                                      MD5

                                                                                      6749fbdc048ba32827f28084f3a73c4e

                                                                                      SHA1

                                                                                      db569a360889d0649ffe8cb6bade186cbf54bddf

                                                                                      SHA256

                                                                                      ae6580b1c30c8f37451755ebf48b68d7c049dab050142449df9453d0823b5609

                                                                                      SHA512

                                                                                      fa7b2df3fc00db803c4644dac9b40ee12dff84dd61275d4ccd72ce0c0f3e0ab9a249ae850232c1d9af6e0c03a5572059f3a340b82d95017d59b671a0d7a0f43c

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      f7dde032fa6ec0ae320a74dfe1a3e897

                                                                                      SHA1

                                                                                      017b0d1fb64b0825207a7c03ece9bd2176ed6100

                                                                                      SHA256

                                                                                      492bba1c39fc0d8df1d7608779bfe36bcac29a533b25cbc30653bca2310f9498

                                                                                      SHA512

                                                                                      fd9eb3e8643a449dda7471cef6bf249d76c4fe31145051e42a724059bb921bbb9a6a870aee70900480523b4de802fefcc647a788d6f8098329a6a0e7522c39b4

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      c94119ec3fd2dca5f06e1e437b80920e

                                                                                      SHA1

                                                                                      182e16914feb558844fd4029e0132febec22038e

                                                                                      SHA256

                                                                                      e84b80bf64052e38fdacf8af6dfea19a2360a677fa60168fec397cf4769fc0aa

                                                                                      SHA512

                                                                                      f561f527dad05c85ff94f05b01c7c0c929a2ad3a06a06863e68137a1851b2cb539879f9edab59a087d3b6df1ecf8e1cb5131c3b3c0c4f110092632a9ba153330

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                      Filesize

                                                                                      111B

                                                                                      MD5

                                                                                      285252a2f6327d41eab203dc2f402c67

                                                                                      SHA1

                                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                      SHA256

                                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                      SHA512

                                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                      Filesize

                                                                                      13KB

                                                                                      MD5

                                                                                      1d15f172a8f8023657915dfadef38ee7

                                                                                      SHA1

                                                                                      f79abb504112b8da46d4a0b8675fc66c8ba85049

                                                                                      SHA256

                                                                                      8fa126c5695ea832d3fdc654c6777b29d5e248d7e8c42d5e319f787c0e8dd38d

                                                                                      SHA512

                                                                                      668cf6cb082b4edaecdaccece8a4a788c8db34a2671d028ac4ce429284aad7af00fab3b0ecc4792372abb236b10df6d2693fa06a858f38de116e51dfdbe43d4d

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      599a17b13985bdab40b16c75058d2e35

                                                                                      SHA1

                                                                                      9bd2863edee0a3cb5432dfda80f2f28571aa8147

                                                                                      SHA256

                                                                                      f50311295f9f8c6c3378233c6c9ea31718c6449433145fa89877be2a7845fbd5

                                                                                      SHA512

                                                                                      529876d9cf86166b41ca186d6a5bc4305281a8921253f8ca3ddd931dd2989bb6be937ec45b84b9559d316846034d9fd2b3251ce161e0d4b8408447a200bac43b

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      15KB

                                                                                      MD5

                                                                                      182668879c396308f4cfb729b35b2038

                                                                                      SHA1

                                                                                      05edadc37799a0f7672e60d4e055cd2ef830836f

                                                                                      SHA256

                                                                                      d3373f2b387ab8478d34436f95aa6c8c019f24642dff96c20681a4335620a982

                                                                                      SHA512

                                                                                      b3acc3d9261f9a8708eb03b3ebe412bbf32feb4443d4daa6d83b4789a1cbde4c6a06f3f5f70e0680a7a7d9909ce806459addd0b50ae512d85d39ab687b15b25c

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      2f626f0ee5fc37168c59615c6658515a

                                                                                      SHA1

                                                                                      8ab4db0aca7651658f0b1aa22d937c9a36a77b0a

                                                                                      SHA256

                                                                                      77e6a9622f416af00da604c000438150b983e7e1b598c219f16b759debe7253f

                                                                                      SHA512

                                                                                      409c0901d5ab445e8aef490ba96204fef95a4569e08b1d9c027c80862febe327dbcb5312f0db6e08c23f55654e7c53349bc4dc6192c844cb99378d46bd662c9a

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      d44b9f5cace75f93369c7206576b9787

                                                                                      SHA1

                                                                                      6df22488c62dd638dffc677a8cd58a8d7cd7adc5

                                                                                      SHA256

                                                                                      9e57b85b5b613614194c0d8421abe951d6335ad24e7892e0353c6a111d8462eb

                                                                                      SHA512

                                                                                      c00560df67338dfc0512f595721bdbede6caa5e8f684cf13b10702edc467a92aa8233b145da67bac1be1e9a20f77c895cedbae2cca58a39d87bdc438aa931bd9

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      6KB

                                                                                      MD5

                                                                                      83c62ea0b910a523281d239f6884fb74

                                                                                      SHA1

                                                                                      52d15cb557e84df28f633cfaa617ddebc11e19b0

                                                                                      SHA256

                                                                                      5d3ec4ce1af1f8b0b26e81f00d75484e7ba0c91f08a66d49ab805448b171fd40

                                                                                      SHA512

                                                                                      892aff5ad85c9a25db907ffbb754ec08d61b7724f7fcfc0a609a48c1f126fa51ceaeeeebfacb0c79fef5379799d2d84b71655dab09d4971d03fd0e011b7e1900

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      6KB

                                                                                      MD5

                                                                                      443b20c2cb99e1108d49354ecf5badc3

                                                                                      SHA1

                                                                                      a684483c2f4a63074070631b93c5690c7ce4c216

                                                                                      SHA256

                                                                                      211fa809376be71ae155ea6800a42ab72096b934d012333ddd9031f3f5eabc82

                                                                                      SHA512

                                                                                      c53913167af42d6801daa7e6699b23b6321c8d23f58c1c29092acb1b1c1ace64b0b7d15a03e8e245606aa8f39b895f5e1b11f1339b9a25093bfbe6b904f50e23

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      16KB

                                                                                      MD5

                                                                                      7cd061b8530aeee13e563ff8951ab861

                                                                                      SHA1

                                                                                      fc0a9d844c3d611654bf00e31f80965e1c0ad303

                                                                                      SHA256

                                                                                      33711b46181e2d8ec9125f9cdb90307f18ff0578d1ed78c43985649cbea736fb

                                                                                      SHA512

                                                                                      51738b03c5c725f13223698fc48bb5ec87eaf7a0ec856d55d356fc26bf0c8da3959a04219057701d5e753a2d90551aab886b002a7d649afe4a356c16245f6269

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                      Filesize

                                                                                      24KB

                                                                                      MD5

                                                                                      0e78f9a3ece93ae9434c64ea2bff51dc

                                                                                      SHA1

                                                                                      a0e4c75fe32417fe2df705987df5817326e1b3b9

                                                                                      SHA256

                                                                                      5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

                                                                                      SHA512

                                                                                      9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      538B

                                                                                      MD5

                                                                                      e859b24686f19a7e61dd304e0fb063fb

                                                                                      SHA1

                                                                                      5721f192bcfebdf1f3ee34b8d3ec85ad4218cdb6

                                                                                      SHA256

                                                                                      cbbd9cda472308f8051b29a2f876445b38b4475a7fc6824afb9d4ff8705be919

                                                                                      SHA512

                                                                                      5b19e8046977adacb8d9f563638920e535c0ab288fb5c6fa71342b781a9a0a3091e662b26cfecf54a72726cee95566b40b229ce79134d641080c091f1efbcc3f

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      b2b3f6d1e4208a05f013efb7251be7f2

                                                                                      SHA1

                                                                                      be66b7b192c8606ad7c4857f23def7f4c8f2f8c5

                                                                                      SHA256

                                                                                      efe51bcefdf83318486b217aa0732c233bbe85add2ace5d0e5926ed370273812

                                                                                      SHA512

                                                                                      13326c53a9f73f09ec0a084165c6f3a440fe54ccc343bc4ae02c078b130e232fca045b52cfd796a663814eee846e19375f6f5e7c3e58757092b06a403458c416

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      b774cdc2ad8880a37fb85a7dc4d5fa44

                                                                                      SHA1

                                                                                      96fb6333833ef28e1c71ec5f6fc868993362bea9

                                                                                      SHA256

                                                                                      a948639d97c86abf1a055224cfe0749507e904c75480b19f432f3b071733e911

                                                                                      SHA512

                                                                                      d68984a3b3f3c821a4a77f94c6983d36e01da89cc4e1d911443b741713a2ead573f039af12697c8ba0e6022ef18bd013ddc907b57c1e5a510790a37b6e64bdfc

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      4dcb401936f1a3386106e1e94de99ff4

                                                                                      SHA1

                                                                                      844ddba823e7fce8fb13090cda65c8808f964e0e

                                                                                      SHA256

                                                                                      5884610f241a9c2562985eae69b6a92e986e6a031c1e09dac53d97886d389c40

                                                                                      SHA512

                                                                                      fae22f5824b6e4a28c926b7b29701aa8070cb40fc531183e7f38cffe1346bebf8504b7b132e724f76cfb862d6aa02957a6378c9c4d11d3d38e1ea34b5f0351cd

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      e411dd84b3e44c8eedc70011280eac05

                                                                                      SHA1

                                                                                      c226840effa6439020d748141fb19cf388670354

                                                                                      SHA256

                                                                                      b34e87878e1462a1b2b4b695db544b4d48d0fa8bbc2d5544c71d8e37350e2122

                                                                                      SHA512

                                                                                      b053c251dcae4eef5a93c5dafb88f1005e6016ac0dbdc8d093a9f86db2c3785acf63ba08336ed48d6dbb108b87e4b92e06886cccdd304e08c43e2499aa5d6ce2

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c246.TMP
                                                                                      Filesize

                                                                                      204B

                                                                                      MD5

                                                                                      b4300949f8fa0cbff8f8b2f4f2efc48a

                                                                                      SHA1

                                                                                      2504b940fcea5f2adf3d5cfaf6c29aa7df1750f9

                                                                                      SHA256

                                                                                      0cdb918e5455f50c6fae34bf7466303ffbf65cda8a020b8df839772d861e3c78

                                                                                      SHA512

                                                                                      a8b9dc8f9fa6291bcb623e9c115c4c739c4e6f6c16308a078c9d810c1a9bcdaa6bf34a4bac0e80590ff18f50710cf76dde56a82d8fef2d01bb91955c26aeb3a7

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                      Filesize

                                                                                      16B

                                                                                      MD5

                                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                                      SHA1

                                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                      SHA256

                                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                      SHA512

                                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                      Filesize

                                                                                      11KB

                                                                                      MD5

                                                                                      4ebb7bd7f6e610896092bb5d8b4b8771

                                                                                      SHA1

                                                                                      26f7e886fe28e9ac2b150cb3140e635c6906b1f6

                                                                                      SHA256

                                                                                      5f1d7c3d3b1876afe86188062d87fd31d2f2f0deacf918e254e714b40616ae83

                                                                                      SHA512

                                                                                      55f2770e5735b543fcdb8d58703d1cc4090ef36589e1304d5b7fdbe01394559e21d6c1716788547d310a2c2dd0a26782440772b01dc2e37be9122b69927a551b

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                      Filesize

                                                                                      10KB

                                                                                      MD5

                                                                                      ed87875f148442aaf94bbe14ce7efffa

                                                                                      SHA1

                                                                                      dcdfd6e4094fc8d9734f1a814eabd1bdf5a9d780

                                                                                      SHA256

                                                                                      14fcd0ac2c07c9557cf933224e1cd7f5036781851b3ab5ef5f811daeea9d8570

                                                                                      SHA512

                                                                                      81d8ff30a0110a457a7ff6a75216d8db6331bf610213f0f221929bbd9788dbdd33714fcae2cc6b7f2d5e6c5800cf879a38f032abfcce77428b08c16a5b6c0120

                                                                                      Download Submit