Analysis
max time kernel: 151s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/11/2023, 02:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://trakt.tv/shows/rick-and-morty/seasons/all
Resource: win10v2004-20231023-en
General
Target: https://trakt.tv/shows/rick-and-morty/seasons/all
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process              events
5000  msedge.exe           2
4340  msedge.exe           2
4072  identity_helper.exe  2
3092  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (33 IoCs)
pid   Process     events
4340  msedge.exe  33

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     events
4340  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     events
4340  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed, one row per target process)
description                       pid   Process     procid_target
PID 4340 wrote to memory of 4556  4340  msedge.exe  89
PID 4340 wrote to memory of 4912  4340  msedge.exe  90
PID 4340 wrote to memory of 5000  4340  msedge.exe  91
PID 4340 wrote to memory of 1576  4340  msedge.exe  92
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4340)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trakt.tv/shows/rick-and-morty/seasons/all
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb0c846f8,0x7ffeb0c84708,0x7ffeb0c84718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5000)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 740)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4632)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4408)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4072)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2568)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1792)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5156)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5176)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5988)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5144)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5540)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5188)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1664)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6132)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7772 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5076)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2404461607754911641,9983018159473181253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 2844)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1264)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

(unnamed file)
Filesize: 893B
MD5: d4ae187b4574036c2d76b6df8a8c1a30
SHA1: b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256: a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512: 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize: 252B
MD5: 32a3661a9a7f502714bb13556db6b9d5
SHA1: 3f9fc0041f9fd0690c4dae4ac7c48682f1926196
SHA256: 4e28d6de2c4a2e975052fa8cab589a32138cbb0d3ef035f04884b6b4bd8bbf12
SHA512: e2d2988c9c210e7e9e50494ccbf5a512cc9dbf7aed32a09ca463fb6247b861a9d62f24e977e06c1cedf705a5ac369995753f44c14cea4a3587777cb835d4d02b

(unnamed file)
Filesize: 152B
MD5: f4787679d96bf7263d9a34ce31dea7e4
SHA1: ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256: bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512: de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

(unnamed file)
Filesize: 16KB
MD5: 1437a7a9898305f5020cd11af8d7ec5a
SHA1: 5e1036a9c8fe3abcb51d61c764fb93d194fb2e51
SHA256: d196852d658581bcb859d321de774f2f9c0537bcd87b3a6f635c0ccfa801d579
SHA512: edcf8c2f74ea98d0432022c3a02dc59d3b11bc5384d7f6f51fad0c6fb92782643672b028e310dabbec61fa9dd9466e571db23ea8204e34be41cb4316bb243dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 768B
MD5: 2be157618df5fb2d560c5ffc65d8d3e0
SHA1: 8f4025a9f32f576aaea920bca78dde40bf770f70
SHA256: a5548f1adf549b96e40b67d48cb7465ea5cd5b43f20705372c679a95eaa593df
SHA512: f3f0ff20e5bf5387fd4de5f5532598cf7e9e438a522d2265eee2e2f3b660af97b1c6e374c8c20b24c98e6058f7fd4d32bca017ebcb3c0ed3108f8c5298814b4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 2932bf7bcf2722f757069216fb4a1176
SHA1: 373be23234d0a7041bdce4ddb622d0f25da92f84
SHA256: a330ff5c4c7613b62ab1507fa28e27fceba1c9233c6d49e45ffd0edf713bfe88
SHA512: 76570f2a6317ab256f2e4a56b3ff35554dba09f9d55bf86453c7ebecc4c65b65be537b084b949ba7e2ab4ea588bba9774e721ace570db1eae8cfd808b4e95541

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

(unnamed file)
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

(unnamed file)
Filesize: 2KB
MD5: d4d69e0e526fcbd25228918394a31f71
SHA1: 3c31490052abf3eea244c5e04cb072ca663273bc
SHA256: 3dc67d5bffd3331983545e907d4519c7cff372c89792cfb284a5b145cd66c9b0
SHA512: 22cdeb93f39a91ff1ac9dcd9c62fc9d6acf60222b38c5c75025466231bf4f72ead2c6cec45a75a82faf28509777212db0dce04f601ef523df6d9e19ff76bcaf2

(unnamed file)
Filesize: 8KB
MD5: 242526aa974a5bac13b9e98fc1beca2a
SHA1: c1ba6116a4cf6f3220e9f98d71a2835c2f1cb141
SHA256: 60d20cd33bacb8fffded349179114ad630aff43330dbe83e3c7e386110334595
SHA512: 102aca4ed9fa9bbe3374e37d5972c73be2804acbc9198303d9f248583de8f6d294abe7333b448bc5cc68bd64a914c3857578e64be5ebada698db3a238c22b51d

(unnamed file)
Filesize: 5KB
MD5: 4194eb9fa5e244409fb73d90b1f15644
SHA1: faf6ff5369cbf34fa52b9b2e80ebcc9579b25d8b
SHA256: 7720b3b3620f81b5187475b3c57672d007932cee02b41652e66a4f756014b825
SHA512: 95a55d6c71a57fc4998579838beac357d5f9001156e797196ed2e8e4a2944f14d4a12ac09ccc87cfe255498713f6ae7142b9c79b1c75fc1a16bb63f711666ab0

(unnamed file)
Filesize: 5KB
MD5: 0e6aab89ea7db6bd10b9ed10df04b961
SHA1: 18aff0d5dafac68f649200abe94c97f0b7948003
SHA256: d9f2f218d8eedc1c82737b63937b0bb3e8216dc08a1e06733765997b176a10ab
SHA512: b334152b4143031bc80bf186aa43e0b84c68a3f86b4ea49a8084b77f904ee15dbeb4b78b5964013603420b57a8559bb3ba4441c145bba9f8225f63a0890b84b3

(unnamed file)
Filesize: 11KB
MD5: a6078c1f36392a8ca4ddf2691d58efda
SHA1: 550c88ac72fd3a3e3e24ad03341a9839ecd75b38
SHA256: fa4e6ea4bc59a5574f107afbb421a91c96bbecc9e736952bb6f7edb4ba4b3ce3
SHA512: 20390e50d721852788640733f82c30bb8a2442533e223cf825cfb1eac13b53f4bbaab5c9a48f51a6c524b172465003abe8e2efffe861ef6c80415680b4daf889

(unnamed file)
Filesize: 10KB
MD5: 724ee45dd3774d4eb513e56c98cf81ab
SHA1: 802894dd8168d06c16fb622e2f5d240b9335f0a0
SHA256: 3621f8c0bac57dc26764d1560debb876fb1adcd5b4bd22c24054f99da37a9133
SHA512: a6fa664a275fb3c5eb679e164960b539df95d803061f0afc4f743f0d8b0f331cdb6ad8ca28865035450bd8bd1de85ee2636dde53df737150fbc941ce55b03b0d

(unnamed file)
Filesize: 5KB
MD5: 25c6bdabe15115367c295af9fbcc9126
SHA1: 453f0a96a63c8844fbf01b8f2514b547a1a07a8b
SHA256: bc75fa2f11bd86d765651e52c3cf8448f370a167c70bf2f41b8321ce2ee78a24
SHA512: b7f35d15834be4807598c94cb2eec83648f11d8bb1fb6db0f539c8da658aa16fe164eedb2c8de8f68dc728f140e5a727e87bfe11ccd6c30d46dd1b7e0d864036

(unnamed file)
Filesize: 6KB
MD5: f6b63f37c1bea15cde9ca19d269466c2
SHA1: 498736ec33d8f1c11072cf2f3931963dd1b96524
SHA256: fc393d511ad48aa60d6fef3024f8b8e07bb41983f2b16ca8d684d5a255ad4477
SHA512: 2ec03c223f1def4c708081244cf328b7a4b08eda4706d219d5d17b4ac9c4ff4032f4df5a7e1f80089e5e9a8995de49144962eb1d7acb8c56703d7f7e08c5ba93

(unnamed file)
Filesize: 24KB
MD5: 3a748249c8b0e04e77ad0d6723e564ff
SHA1: 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256: f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512: 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: a2f4b05358c995bf13eadef934eb9924
SHA1: a3316ce9dabfd223e322a014126468a0207b13b2
SHA256: 84eb416fb8e868566715d12b035e357087ee5badcea04c201b3ad2ddedc28b34
SHA512: 50be775155ae3c1322d74fe509a005458106a5bc9ddd8d2cb9cda177a01ee5dcc942504992d0db1278b2542b9db88e312d12f2674f7289376942f8dae2d11b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b14a.TMP
Filesize: 48B
MD5: d31fd7a0e1d6dbb8fbe159016d8f389e
SHA1: e12b06c93c5eb27e12b07ced16fe9304f7410ba0
SHA256: ce140ac0de70a25138dd23f2f7dc1c1428e96408b9d6835c0b004fd36c5f5001
SHA512: ef44abec70cad68fcdf99da5e1dade14d87ae15a0c5f6e48f47d9bb75db31c10b045e911852a72db4a2a132561eb335bf36b4ebbeee6da047c6a2d229e568f3e

(unnamed file)
Filesize: 2KB
MD5: 2fb661a62df784eff4b854412c7f76c3
SHA1: c6d9415932004d499abd8f4f7a39dc5c6278ec43
SHA256: 276201e4dab223adaf00126bdcf94bd51b8ee5f3d8d23747d8c70df8b3b4915b
SHA512: 4e2c5659738ac164a1f12d696f2fe2a186b225466bbbe4bb6ce6ced5dbfc157304d3be31fb72d7efe92531e95863198db798d9b3718f67b0242f1cd882bd938a

(unnamed file)
Filesize: 2KB
MD5: 8819e7e555b902452469b4d33acbf1ff
SHA1: fe2e023d0661280507552200911353667bc9b686
SHA256: 8b14d0bed2770c6b8b75e9aa5f9a1e800be357ecbe89121abd1296647a70d404
SHA512: f78c3f490d82f527259e98a86831ff46c28d5359fcbe81deaa43e3e9c69142fbc00f7180157ced3a45c49a2c73f6a4a52ae8c35b20c1480a6888fa6a00b8ed1f

(unnamed file)
Filesize: 1KB
MD5: c1c1c33fc4caa26d2fff4da51003614e
SHA1: 0faf627a7230621e53111fc8f8db49aa0f58c6e6
SHA256: ca40d9562525cce8ffa18076478500584fc46ed0b268cd28cc7a0417d8c4f457
SHA512: 397d91f16c03b422d29a400456427d1c6dc4d578fba18bdfa378221ed08782614c4ede41291cf5f7a074edd9e91700aaa1c8afb085a3051dff473b0032dce71b

(unnamed file)
Filesize: 3KB
MD5: ab8af4625c3a939c429614a61af924e7
SHA1: 7efafbd7236b42e40b38b4ceeef2462ee6d6ba6c
SHA256: 2be0e2575b35ad7e55e690a0477e7b0b465fb69032bdec76c1025316880090a8
SHA512: 1c0c8e78ed5eb1b0b353cd4be11763c39bf0cba34ca2387a6e006088393a2c1539613e7933c46aa7e5978e96de8790246039830c1a1603ceddb47f0d0828237e

(unnamed file)
Filesize: 3KB
MD5: a30cb9c13d09a1d2f0caa4a8051fd9aa
SHA1: 4e4194ec7f2a83ecceaac332ccc0ff6a730faec4
SHA256: 5632042fce0addf2457f879f7258a72e1732a1fb18edf9f8aa61edccb0c98c5c
SHA512: f583cb699b85c95d8a428d77027b6e641c1cfc32d4b45cc58230e3c87e8a6eb8e9e34c142735e96af85ee80c2c8feb50f043595f95f608a06b5faeb83d809f34

(unnamed file)
Filesize: 706B
MD5: 9f13df9c4442ef8a2ff74c5c92daf170
SHA1: a03acf3808b85ddf3eb5210ecdac9911fc6e9e06
SHA256: 52ea466e93cbd7b164679e76b362dde2ad97c20a19e2236a5555703f4f4fc0c9
SHA512: 63e947a4a980da35381e1293e94598510ef5c29437163941567a034a11aad78594cb9a03fbf951c92631c236e8de336da2925c90503b82528a90aed61b3ded22

(unnamed file)
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

(unnamed file)
Filesize: 10KB
MD5: 958668a9d5fb0f153ce92d97ab2b03b6
SHA1: 4753dbf58626ebab74821944fc733f582502cd86
SHA256: 828a7a83761a55a95f52efdcd2e8e27abe8ea5928fc2c0b5b7861cd42430f75a
SHA512: 96823c7befc7d7c5bc06168627f52a54555ac968b9c59e443f91cc2267dec8e337c1597e2711ecf4040a3843b7ae457461a35ec31fd0789dbb35c3aef1a13635

(unnamed file)
Filesize: 10KB
MD5: 7764ff2412470a154387c7523b5c789f
SHA1: cff21d3fbf337816ee03c3e70cfc3f69b36bee60
SHA256: 247caac8f753c444b6a98253266dce44e066d4dfda1a9cf2bbc748b841e5d84a
SHA512: 212ea2e8c74c18881c9ded92f6d5a6ef8e19dac07d67c8c80530e11f697cac7064e70d9997388f4f65da79e5759c9458df91424c77404244f76e50156d1a57bf

(unnamed file)
Filesize: 12KB
MD5: 755b4b02fa770032df45afcb16631807
SHA1: 0165865de0ac860649d8ef1e8dccb36190270c72
SHA256: 4d7655fb126aa0dfe0fefbc70dfe52c5c634d00224c57265f4858c355f9b6a61
SHA512: 47064ef296e77139d50f5d88a98b616a9cc075e3c2af954fe5eb3b4a427bca95758415695ebd1d250225dc7a3efdc0519aa1a0e1e210baec96b42149afb6f430