Overview

Score  Target               Platform
8      Static               -
3      DS4Windows...ild.js  windows7-x64
1      DS4Windows...ild.js  windows10-2004-x64
1      DS4Windows...x.html  windows7-x64
1      DS4Windows...x.html  windows10-2004-x64
1      DS4Windows...er.exe  windows7-x64
1      DS4Windows...er.exe  windows10-2004-x64
8      DS4Windows...ws.exe  windows7-x64
1      DS4Windows...ws.exe  windows10-2004-x64
1      DS4Windows...ws.exe  windows7-x64
1      DS4Windows...ws.exe  windows10-2004-x64
8      DS4Windows...re.dll  windows7-x64
1      DS4Windows...re.dll  windows10-2004-x64
1      DS4Windows...it.dll  windows7-x64
1      DS4Windows...it.dll  windows10-2004-x64
1      DS4Windows...ll.dll  windows7-x64
1      DS4Windows...ll.dll  windows10-2004-x64
1      DS4Windows...er.dll  windows7-x64
1      DS4Windows...er.dll  windows10-2004-x64
1      DS4Windows...pf.dll  windows7-x64
1      DS4Windows...pf.dll  windows10-2004-x64
1      DS4Windows...on.dll  windows7-x64
1      DS4Windows...on.dll  windows10-2004-x64
1      DS4Windows...ss.dll  windows7-x64
1      DS4Windows...ss.dll  windows10-2004-x64
1      DS4Windows...it.dll  windows7-x64
1      DS4Windows...it.dll  windows10-2004-x64
1      DS4Windows...es.dll  windows7-x64
1      DS4Windows...es.dll  windows10-2004-x64
1      DS4Windows...es.dll  windows7-x64
1      DS4Windows...es.dll  windows10-2004-x64
1      DS4Windows...es.dll  windows7-x64
1      DS4Windows...es.dll  windows10-2004-x64
Analysis (score 1)

max time kernel: 149s
max time network: 165s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/11/2023, 14:05
Tasks

Static task static1
Behavioral task behavioral1: DS4Windows/BezierCurveEditor/build.js (resource win7-20231020-en)
Behavioral task behavioral2: DS4Windows/BezierCurveEditor/build.js (resource win10v2004-20231023-en)
Behavioral task behavioral3: DS4Windows/BezierCurveEditor/index.html (resource win7-20231020-en)
Behavioral task behavioral4: DS4Windows/BezierCurveEditor/index.html (resource win10v2004-20231023-en)
Behavioral task behavioral5: DS4Windows/DS4Updater.exe (resource win7-20231020-en)
Behavioral task behavioral6: DS4Windows/DS4Updater.exe (resource win10v2004-20231023-en)
Behavioral task behavioral7: DS4Windows/DS4Windows.exe (resource win7-20231023-en)
Behavioral task behavioral8: DS4Windows/DS4Windows.exe (resource win10v2004-20231020-en)
Behavioral task behavioral9: DS4Windows/DS4Windows.exe (resource win7-20231020-en)
Behavioral task behavioral10: DS4Windows/DS4Windows.exe (resource win10v2004-20231023-en)
Behavioral task behavioral11: DS4Windows/DependencyPropertyGenerator.Core.dll (resource win7-20231023-en)
Behavioral task behavioral12: DS4Windows/DependencyPropertyGenerator.Core.dll (resource win10v2004-20231023-en)
Behavioral task behavioral13: DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll (resource win7-20231023-en)
Behavioral task behavioral14: DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll (resource win10v2004-20231023-en)
Behavioral task behavioral15: DS4Windows/FakerInputDll.dll (resource win7-20231020-en)
Behavioral task behavioral16: DS4Windows/FakerInputDll.dll (resource win10v2004-20231020-en)
Behavioral task behavioral17: DS4Windows/FakerInputWrapper.dll (resource win7-20231025-en)
Behavioral task behavioral18: DS4Windows/FakerInputWrapper.dll (resource win10v2004-20231020-en)
Behavioral task behavioral19: DS4Windows/H.NotifyIcon.Wpf.dll (resource win7-20231020-en)
Behavioral task behavioral20: DS4Windows/H.NotifyIcon.Wpf.dll (resource win10v2004-20231023-en)
Behavioral task behavioral21: DS4Windows/H.NotifyIcon.dll (resource win7-20231020-en)
Behavioral task behavioral22: DS4Windows/H.NotifyIcon.dll (resource win10v2004-20231025-en)
Behavioral task behavioral23: DS4Windows/HttpProgress.dll (resource win7-20231025-en)
Behavioral task behavioral24: DS4Windows/HttpProgress.dll (resource win10v2004-20231020-en)
Behavioral task behavioral25: DS4Windows/ICSharpCode.AvalonEdit.dll (resource win7-20231023-en)
Behavioral task behavioral26: DS4Windows/ICSharpCode.AvalonEdit.dll (resource win10v2004-20231023-en)
Behavioral task behavioral27: DS4Windows/Lang/ar/DS4Windows.resources.dll (resource win7-20231023-en)
Behavioral task behavioral28: DS4Windows/Lang/ar/DS4Windows.resources.dll (resource win10v2004-20231020-en)
Behavioral task behavioral29: DS4Windows/Lang/cs/DS4Windows.resources.dll (resource win7-20231020-en)
Behavioral task behavioral30: DS4Windows/Lang/cs/DS4Windows.resources.dll (resource win10v2004-20231025-en)
Behavioral task behavioral31: DS4Windows/Lang/de/DS4Windows.resources.dll (resource win7-20231020-en)
Behavioral task behavioral32: DS4Windows/Lang/de/DS4Windows.resources.dll (resource win10v2004-20231025-en)
General

Target: DS4Windows/DS4Updater.exe
Size: 803KB
MD5: 36c2074cf30fd2f960108eda26977645
SHA1: 8fb0cece7ed4fd698ef6f6ee7a519560b41edf71
SHA256: 1fb782d6531582a5c86b1a1a4715b0692728396622cf27fcc3abbf0390f8d100
SHA512: b73b06e317cd8242566b9f3a71ce2c4e1307b6a2895f5a903859d75853d0d2c5d5f1ef2a7ace4e3bab8a62db7e0194262c8ca0d0fba40563ccb753d6485fd3bf
SSDEEP: 3072:SguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pvqaDrJ0M6gAAAAAWAAAAAWAT:S5twsLko1Gs2T/pPlZ2Bqml0MA
Malware Config
Signatures
- Downloads MZ/PE file
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- NTFS ADS (1 IoC)
  description                   ioc                                                                 process
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 547709.crdownload:SmartScreen  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  4876  msedge.exe (2 entries)
  1960  msedge.exe (2 entries)
  4964  identity_helper.exe (2 entries)
  5944  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   process
  1960  msedge.exe (all 9 entries)
- Suspicious use of FindShellTrayWindow (46 IoCs)
  pid   process
  1960  msedge.exe (all 46 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  1960  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; one entry per call, duplicate rows collapsed below)
  parent pid  parent process   child pid  procid_target
  1920        DS4Updater.exe   1960       88
  1960        msedge.exe       4916       89
  1960        msedge.exe       2172       90
  1960        msedge.exe       4876       91
  1960        msedge.exe       4752       92
Processes (indentation shows the parent/child depth the page marks as 1, 2, 3)

DS4Updater.exe  PID 1920
  Path: C:\Users\Admin\AppData\Local\Temp\DS4Windows\DS4Updater.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DS4Windows\DS4Updater.exe"
  Signatures: Suspicious use of WriteProcessMemory

    msedge.exe  PID 1960  (child of 1920)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.6&gui=true
      Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

        msedge.exe  PID 4916  (crashpad-handler)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd366746f8,0x7ffd36674708,0x7ffd36674718

        msedge.exe  PID 2172  (gpu-process)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

        msedge.exe  PID 4876  (utility: network.mojom.NetworkService)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
          Signatures: Suspicious behavior: EnumeratesProcesses

        msedge.exe  PID 4752  (utility: storage.mojom.StorageService)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

        msedge.exe  PID 3552  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

        msedge.exe  PID 2416  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

        msedge.exe  PID 4636  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

        msedge.exe  PID 1632  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

        msedge.exe  PID 3016  (utility: edge_collections.mojom.CollectionsDataManager)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8

        msedge.exe  PID 3616  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

        msedge.exe  PID 2832  (renderer, instant-process)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

        msedge.exe  PID 3828  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

        msedge.exe  PID 1116  (utility: chrome.mojom.UtilReadIcon)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8

        msedge.exe  PID 4688  (renderer, instant-process)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

        msedge.exe  PID 4856  (renderer)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

        identity_helper.exe  PID 3396  (utility: winrt_app_id.mojom.WinrtAppIdService)
          Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

        identity_helper.exe  PID 4964  (utility: winrt_app_id.mojom.WinrtAppIdService)
          Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses

        msedge.exe  PID 5944  (gpu-process, GPU sandbox disabled)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1679239163590656672,11533041881980858976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6248 /prefetch:2
          Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 4944
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 3396
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: in this run DS4Updater.exe (PID 1920) does nothing except start msedge.exe (PID 1960) on https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.6&gui=true. That is the page a .NET apphost opens when the runtime it was built against is not installed on the machine; the query string names the apphost build (6.0.6) and the runtime identifier it wanted (win10-x64). Everything below PID 1960 is Edge's normal process model (crashpad handler, GPU, network and storage services, renderers, identity helper), and every signature this report attributes to msedge.exe or identity_helper.exe (the BIOS registry queries, the SmartScreen stream written on Unconfirmed 547709.crdownload, EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary, FindShellTrayWindow, SendNotifyMessage) comes from that browser session, not from code in the sample. The only signature the sample itself triggers is WriteProcessMemory for the Edge launch. "Downloads MZ/PE file" and "Enumerates physical storage devices" carry no process attribution on this page; the one download the report records is the Edge .crdownload in the user's Downloads folder. The practical consequence is that this behavioral task says nothing about what DS4Updater.exe does when it can run: to observe that, verify the sample against the SHA256 in the General section and rerun it on an image that has the matching .NET runtime installed.
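To make the WriteProcessMemory table and the Edge command line above checkable rather than read by eye, the following added example (not part of the tria.ge report or of the DS4Windows project) parses a handful of the WriteProcessMemory IoC records in the flattened form the page renders them, rebuilds parent-to-child lineage from them, and then decodes the msedge.exe command line to decide whether the browser launch is the .NET apphost missing-runtime redirect. The IoC records and the command line are copied from this report; the function names, the verdict strings and the exact-host/exact-path matching rule are this example's own assumptions.

```python
"""Rebuild process lineage from tria.ge 'Suspicious use of WriteProcessMemory'
IoC records and triage the msedge.exe launch recorded in the process tree.

Added example; not code from the tria.ge report or the DS4Windows project.
Function names and verdict strings are this example's own choices.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample: seven of the IoC records from this report's
# WriteProcessMemory signature, flattened the way the page renders them:
# "PID <parent> wrote to memory of <child> <parent> <parent image> <procid_target>"
SAMPLE_IOCS = (
    "PID 1920 wrote to memory of 1960 1920 DS4Updater.exe 88 "
    "PID 1920 wrote to memory of 1960 1920 DS4Updater.exe 88 "
    "PID 1960 wrote to memory of 4916 1960 msedge.exe 89 "
    "PID 1960 wrote to memory of 2172 1960 msedge.exe 90 "
    "PID 1960 wrote to memory of 2172 1960 msedge.exe 90 "
    "PID 1960 wrote to memory of 4876 1960 msedge.exe 91 "
    "PID 1960 wrote to memory of 4752 1960 msedge.exe 92 "
)

# Constructed sample: the msedge.exe command line from this report's process tree.
SAMPLE_CMDLINE = (
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true"
    "&arch=x64&rid=win10-x64&apphost_version=6.0.6&gui=true"
)

IOC_RE = re.compile(
    r"PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) "
    r"(?P=parent) (?P<image>\S+) (?P<target>\d+)"
)


def parse_wpm_iocs(text):
    """Count IoC records per (parent pid, parent image, child pid).

    The same edge is reported once per WriteProcessMemory call, so a
    Counter keeps the duplication visible instead of silently dropping it.
    """
    hits = Counter()
    for m in IOC_RE.finditer(text):
        hits[(int(m["parent"]), m["image"], int(m["child"]))] += 1
    return hits


def lineage(hits):
    """Collapse the counted edges into parent pid -> sorted child pids."""
    tree = defaultdict(set)
    for parent, _image, child in hits:
        tree[parent].add(child)
    return {parent: sorted(children) for parent, children in tree.items()}


def classify_browser_launch(parent_image, cmdline):
    """Explain why a non-browser parent started the browser.

    Only an https URL on aka.ms under /dotnet-core-applaunch carrying
    missing_runtime=true is accepted as the .NET apphost redirect; anything
    else is left for manual review rather than guessed at.
    """
    m = re.search(r"--single-argument\s+(\S+)", cmdline)
    if not m:
        return {"verdict": "browser-launch-no-url", "parent": parent_image}
    url = m.group(1)
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if (
        parts.scheme == "https"
        and parts.hostname == "aka.ms"
        and parts.path == "/dotnet-core-applaunch"
        and query.get("missing_runtime") == "true"
    ):
        return {
            "verdict": "dotnet-apphost-missing-runtime",
            "parent": parent_image,
            "apphost_version": query.get("apphost_version"),
            "rid": query.get("rid"),
        }
    return {"verdict": "browser-launch-review", "parent": parent_image, "url": url}


if __name__ == "__main__":
    edges = parse_wpm_iocs(SAMPLE_IOCS)
    for (parent, image, child), n in sorted(edges.items()):
        print(f"{parent} {image} -> {child}  ({n} records)")
    print(lineage(edges))
    print(classify_browser_launch("DS4Updater.exe", SAMPLE_CMDLINE))
```

On the full 64-record table the Counter gives the per-edge call counts the page only implies, and the lineage should reproduce the Processes tree exactly (1920 -> 1960, 1960 -> the Edge helpers). The classifier deliberately requires https, the exact host and the exact path, so a lookalike URL on another host or a different Microsoft page falls through to "browser-launch-review" instead of being waved through as the runtime redirect.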
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; a path is recorded for only one of them)

- Filesize 152B
  MD5     f4787679d96bf7263d9a34ce31dea7e4
  SHA1    ebbade52b0a07d888ae0221ad89081902e6e7f1b
  SHA256  bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
  SHA512  de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize 408B
  MD5     846fa54dd08815475ed78c5fa5e12842
  SHA1    5b420945cf7998219a72f4d0e3d7fe30dac36664
  SHA256  4cc8feb32894394e32ab50ba96a1dce6c46037ef3a89501e15df3027f1e95fcd
  SHA512  76809bda7dc24976862a984a69ada06853e0f41295297cb6d3c39df13035e0e65e150db096919280b7ed235fd0632077b1485cf3314211427e9ae7a5cc454a8a

- Filesize 111B
  MD5     285252a2f6327d41eab203dc2f402c67
  SHA1    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize 1KB
  MD5     f1cc3f4de3e21e59e5fcce32002cc6a7
  SHA1    c63dc487a1c92c54338a28807bdfd0a8c5996b46
  SHA256  3ac93e31a2bef8f7b78ce530ca8c7d28db50f25c711ba4f87ef954ad3dadca8a
  SHA512  2abe70b62d52d9d0fbd2ef8e0b2c7bdc7091167a76d368f0f61f739352a4ae662a15f89a13dc9c320e729d5a55ce0118e9549e4aba218965e43682c970d96426

- Filesize 5KB
  MD5     9f1728adc10a08f127167da89e31c020
  SHA1    80e6d69fe9f84a3819bddf6f0d744c3d498671c2
  SHA256  47386a81dcd0da86775fa9c9d0fa0be1afea72312aaae0fb7b433fe31fb4cbec
  SHA512  cacf06698f3745439bb3d71fa6434be164bf00e0b477cd0f6c6dc6022cfb76d699c53a2cfd33c9f7a74b4de7d4378ec35762550800e1f4934433ecbb52831a3f

- Filesize 5KB
  MD5     cebdc078142b20f8cabed7b14903a383
  SHA1    2c1b7caa4ad1ade65da75cfb87d99f71e9d5f969
  SHA256  2c78fb55feb34817f0fe0deb02b3dd926a68cf29f077364cc593e97a08ebf65e
  SHA512  51cc40560c0252c6b485fef73bd38356ea11654be7919d9fd9726cfa8f8834fe62718b66d63a64d9f381b687de1828cefead94bf99a9ab3b594c753b17b358dd

- Filesize 5KB
  MD5     336bddb04c20eee112888af359477079
  SHA1    2a2df30a857379d50a2053ff790b014c966807bf
  SHA256  7186beb4145591fa738413e27949d733d8c1019ac45e31a982803bd0fa101886
  SHA512  21678af829d84cc7b298c4cedb3fd1630d1f189cd883b01c25067a509cf258926feb7e30ffe4b363abb7169aa04045984815479fe738e250856f255553b99bac

- Filesize 24KB
  MD5     3a748249c8b0e04e77ad0d6723e564ff
  SHA1    5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
  SHA256  f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
  SHA512  53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

- Filesize 872B
  MD5     6a001d90fa16a30148ae2eca88f45a72
  SHA1    6363efc98fbd58ab2c63b4b78e9426fe9882f8b7
  SHA256  3406fa33f8446472e3f64c207f7a2e82fe7e4ecb06d1cc758bdeed85484f2328
  SHA512  a57383f2090ab64bad86d66d246cbbe5e5b3c2769f00179ce080bf2966f8aa117fdd170535cc365bdf4613e427dc9582d1d6bafccdf0adc6d8db2905f6a0ad57

- Filesize 872B
  MD5     4c051f3b528abe25ee785d2a88490254
  SHA1    c37992170e6fb9e8ec044148212b1442dfd83f00
  SHA256  57b6869ffe618c9f03df3e0ad088db090cb824097105c31844267ef04a51e5c3
  SHA512  49be2d901a1b9db001c37996bc56dba97b51c867b72c85a68d06b3d81d7b0cff61177571573f1b510579effc6d7d68e3450ed0796f3e7f7e3f4cf928d869ba47

- Filesize 704B
  MD5     a784dc127a2e8f80a4066285b2c1fe48
  SHA1    d3ec96f756938a3964fc1052e356a0ec8814370c
  SHA256  907355dbaa0393a30ccf9b178fd8a34315f4da2c021243e3392829d46d43635e
  SHA512  8ea7d171cbc0ea885af3f98cd3cb412b26779b60a32b00def7326384d96dccef28afa8788e8c16aaed1e9fc2d44e58aa70a1ccb2aff5683a7b4579c7e139ea96

- Filesize 16B
  MD5     6752a1d65b201c13b62ea44016eb221f
  SHA1    58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize 10KB
  MD5     dc87b288a1696412ebe3c8885736d3ae
  SHA1    a156a09ea2727773435c8d9f99010f99a8f1edb7
  SHA256  d3237b311f8853932554be01bc64d8ff5d190cbc7710d6e3642e7c324acc4e5e
  SHA512  1103707746976dc4cb9c9a90dc1718097e42b09ddab6f85bd5699c4a502341fac3d7d667774df9e79945043f75e2d3d97dce707e173c6703a7bb6e1715f7369a

- Filesize 10KB
  MD5     31c2633794f146b0de5e03642f2d2340
  SHA1    1df49780c24c441b99c7cb9253b7cab68c6e0e6a
  SHA256  7943d34f38ebaf07dc1a3da1655c46ff6f748a0036363217a5ccf95dc9d368ce
  SHA512  7323563d1d13cb58eb134a6929822621edf0f22e0d6df265c7db19e0d3985e0530417ec05a3fbf67275389db262b4d8273393479d87771c80d3b3f41d1ed1e35