Resubmissions
01/01/2024, 03:39  240101-d7284sdfc7  1
01/01/2024, 03:35  240101-d5fx4adeh2  4
01/01/2024, 03:19  240101-dvanbsddc8  1
31/12/2023, 02:24  231231-cvqtwaegdr  1
31/12/2023, 02:21  231231-cs7dvaedfl  1
31/12/2023, 02:01  231231-cfzhgadcf2  1
31/12/2023, 02:01  231231-cfywyadce8  1
31/12/2023, 01:24  231231-bsgmraffb3  1
31/12/2023, 01:19  231231-bpzn6afbe2  1
31/12/2023, 01:04  231231-be39ladfc2  1
Analysis
max time kernel: 1113s
max time network: 1120s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01/01/2024, 03:35
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Resource
win10-20231220-en
Behavioral task
behavioral2
Sample
http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Resource
win11-20231215-en
General
-
Target
http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-334598701-2770630493-3015612279-1000\{25E7ECF6-F37D-44A5-92CE-F0EDE1104108} | msedge.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 4488 msedge.exe 4488 msedge.exe 3612 msedge.exe 3612 msedge.exe 5080 msedge.exe 5080 msedge.exe 2024 identity_helper.exe 2024 identity_helper.exe 2060 msedge.exe 2060 msedge.exe 2060 msedge.exe 2060 msedge.exe 4288 msedge.exe 4288 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
pid Process 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe 3612 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fe9b3cb8,0x7ff9fe9b3cc8,0x7ff9fe9b3cd81⤵PID:3140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:82⤵PID:4724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:12⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵PID:2284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:22⤵PID:3536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:12⤵PID:656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵PID:2184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:12⤵PID:2116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵PID:3356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:12⤵PID:4436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵PID:4796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3376 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:12⤵PID:4148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵PID:4352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5012 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5048 /prefetch:82⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:12⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:12⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:12⤵PID:1004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:12⤵PID:2560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3844892722205972031,1004662695358157137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:12⤵PID:4612
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:812
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3304
Network
MITRE ATT&CK Enterprise v15
Downloads