Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
24/01/2024, 14:47
General
-
Target
https://r20.rs6.net/tn.jsp?f=001LGuZ7QrQeGwwB_VjohO9Oqit_1YGcUGyxSaTTTiIT0x9KpWBfi5RsGtw6RbOEK-1AInEa5aBcP1ld3PDUV8EekMFW42-L2JlCagyLuHbD7rMY1r1ECCNn4MD8_HBn2CcZk9DydeNoSHNDjaTgJKbFz1Rds1vvWk7vbOMp9RapNOrF3XJH402Ngq8dTPiWThh2bq_jB-RlH4=&c=-k6edVzYl33e_ktNsngGS54DCsPDTJnsySYAtkCWlc3SIQw7DJVSzg==&ch=5Aappofvr0Z7fBMEAbJaff3dk8OMpyl-PlU293uWVEp4RMeOu4zA-A==
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 26 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://r20.rs6.net/tn.jsp?f=001LGuZ7QrQeGwwB_VjohO9Oqit_1YGcUGyxSaTTTiIT0x9KpWBfi5RsGtw6RbOEK-1AInEa5aBcP1ld3PDUV8EekMFW42-L2JlCagyLuHbD7rMY1r1ECCNn4MD8_HBn2CcZk9DydeNoSHNDjaTgJKbFz1Rds1vvWk7vbOMp9RapNOrF3XJH402Ngq8dTPiWThh2bq_jB-RlH4=&c=-k6edVzYl33e_ktNsngGS54DCsPDTJnsySYAtkCWlc3SIQw7DJVSzg==&ch=5Aappofvr0Z7fBMEAbJaff3dk8OMpyl-PlU293uWVEp4RMeOu4zA-A==1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc73d346f8,0x7ffc73d34708,0x7ffc73d347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7020 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5688 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7456 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15155470933246061278,2795080115372135393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5efc9c7501d0a6db520763baad1e05ce8
SHA160b5e190124b54ff7234bb2e36071d9c8db8545f
SHA2567af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d
-
Filesize
27KB
MD5b17d8e456d36586fbe2b6123d15e8f60
SHA11c6274260ae8b7745d20729057c2d74ecb4e2dea
SHA25612a2697430421343a9c0abc73224670bc4de0b85beb4f43e2b89bcee94c43b7d
SHA51239ef193106db901af5502ed329af92ba3bef82ec3c65a97f4c1f66faf33e9bd5d87ef848eb27ec92ccf0bde024e32c3a31da1e1b354d07761866055bb0bb9e5e
-
Filesize
201KB
MD5c445ab4315d0633d446998c80764cc36
SHA147d3dee9845cc6e29b6771dd6560793b8b93000e
SHA2565635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242
SHA51283a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1
-
Filesize
73KB
MD59ab60769c3a8ebca7ad3b5406ccb8550
SHA12d55548bec53851193633f30789456c20d97f44e
SHA2569703a07a32145fcc00dcae18363a1a6dd598152d1cfc045f00776fdd1cd9df38
SHA512ff793c00c9a076ca0175b74a1fb16482d4ffb81c6e4d52738a2b64610b0830567759527d939bec326d5f708bed0584e6b2533cd7bcbe445bb80574096400e007
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
4KB
MD5eb8afc93faae40b9c752a7befcdce2be
SHA100e30779597038d3fa6c14186e87a98d0c9e54a0
SHA256b45a3b8bceaa5770c8a058ad834a109ce7b002dd8f964bf93c119563920a1785
SHA51279b2db697f64ce1382ececd956f9de001cefe31306da75fbcd466135b85a11d1643b00ec83e6ef91462de6b5c0cfc758cb4dd56c1b22153a1e76290a86dd55f8
-
Filesize
9KB
MD542e391ae3213d3f4d41b30e2f5e6d39c
SHA191c14ab07f973c7c65bf5c6b01fc111f82a00e2b
SHA256fe9b530703de8c5125c9d6e53d6be98c67549e83a431d6eb122ba008bc30a267
SHA512cffabe2c5c13171f27b363e96fa23fa279877bc6bb7e332dc9b2ca81b76ae14c2abbf461253efda4020a892401ce8039cbeeae4cf38f47a68c93116325b5dd9f
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
18KB
MD50eca1fa3c031041d935abc1cc549f6a3
SHA1af545aabaec7890811766477746eacaec72cace5
SHA2562fcdb57bb66fcce6733a3c45690654bba7dbc741bad3bd12684e9ba2ba8917ce
SHA512f5e1a00cbb661b9e4872fcc9e8dde2e4c0a93d3f890117e82042c3a0764183a6e1c4885a1257a3cf2e7ebfee77bb858c609dad9ac110d8d684d12c377f15615b
-
Filesize
10KB
MD5d34e16abb0231adbd270cf43f01a2ce8
SHA1d0becbcfd199ae744a9f8331c0dd7d3a0e4ac01b
SHA25690e9dfc85e4a346eb3bfa76e0dfedafd39406acba117d3888ddc7adce7b658d9
SHA5122880bbb8df6e990de4dcdcbf6e44f54a434fca290f60983b993901c912914b8f62dc2e482193c8ce2e02f82c635899204795fb273e21043917f6eb13fd9a85dc
-
Filesize
7KB
MD5c11bb672473d504356accf4c08647fa8
SHA12a7d05bdf45b4cdfdc179b2a07e116c707c50792
SHA256a1c20097a8d23cadbbc4ad52c76991c19c0e4e697f11dd8bb3405a53b8b26af9
SHA51261d2a66965ff3e82112eced8dc0b6358aed4cfe730448ff10a6f22546b1a27f5ae14e643def40c050d487d2aedb32cb1249683c4fc9b1c3aed04e129afa7a0b3
-
Filesize
5KB
MD5382960421367bc65502a9197ef56578d
SHA17671f6b8df9bbd77a9dd95e5bec2db4c8ad4f6fc
SHA256c60339c626653b363f5b0570838f2431a9a021a1f9d4996d78367101735f0366
SHA51240f027918f341435c2f871bbb7eedd144e6892f1f4337115fcf66445ee54cfe96e1684998271de47a54ebc6c28978351a544892dcef9084a13b9d7081db3f199
-
Filesize
7KB
MD540a4503e66ad32263db9f28cf0501f77
SHA176b5f5658c8c21d7965332a98b0f0f852bcc0e7f
SHA256ccfe6c15cc9534b8c61402ea4a62184074ffa8328316b4389d85eb48164cb6dd
SHA51283856d52eb51b6921144229eabc608a24917b0bba02578da66d45140b11dedb767e8720aa49fe95b9053bf4d7b4848263966cbada7900539d1412a53358b95df
-
Filesize
9KB
MD5f5021511f44ce3fef154aed7bf67c0af
SHA1d5ea03bfd5b316bf9f56299e5aa2af4e8ad4e0be
SHA256edaaaa8fb901d628e768b2f285eb3718745a25bd49abab4dd72764fb71723d93
SHA5121ad4cc29f82d141e13598d4532b9a685ec4a3c602c50d3c6720ce883857f789d254eabc095972e0eaeb047bfd40d0060e00812a3995fd340a6e90ecd2c389a50
-
Filesize
13KB
MD51a904a1c8c1088f6e961aa96fb653ca7
SHA147297fe5fac59eaf1df656b20a8a4c1b301e6792
SHA25645e08ac1bb79644eb6ed7ccf4b2b55f799b6303fff56f69839f43090a7d09dec
SHA5128b9f2bb75a51386acc8942110be350d84b5fde4c71e53d504dfbc90a028333bd530d995924e505d9dd434e5c2c8b6f727235fae49ae4dd9aa8a73d3b101a715e
-
Filesize
9KB
MD5259345444f0fb32558877a9d6fd7edd6
SHA17e509d68a25775a955ad3b31f44fcfcb30b27554
SHA256ba96ddb3d7bb56f4b31ec9d5a6eef9e13f56786a8e0c6c9edccc0797063254f2
SHA512f9b8814e3c122c7620b77c08920d176f99ac4593f53e22d94d0290343891cda71bcbda84c10ba6b2c46d394238f2d49d4bd220e653983ee3a9ca66542d7afade
-
Filesize
24KB
MD5121510c1483c9de9fdb590c20526ec0a
SHA196443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81
-
Filesize
144B
MD5465768f0ad3f97cb9d8292eadd2d5de6
SHA1671a180e20bcefb4cb29c8d3785a37c1c5fdb3c8
SHA25676b86ffd8c12716852af63004da3ac8a1a59777b2821c1c4e8e57daa377a7e0f
SHA512965e48f8f642d7f353c6294cf47347c2514e2c56aed144dbfb4841a690b9c52aa5e98970a5ebe1793772246d9dabb15397603cd892281e993f34109303e04645
-
Filesize
96B
MD5702fb39c51ef57a4a88a4247b8daeced
SHA1d5369594881b240c6175664f3615dc485c208379
SHA256b3ace23a3beba95b5b76a029e9d3e3c8a87a2030e8740410dd38205697933e77
SHA5123edc405a453e9f6538483ce7e55341fa5f3190ccd5c86ee872511a84f189d6cf0bbcc2814bd5724f982c90c3984310124c17dfd0b536782b78cef2dbd4ba2cc9
-
Filesize
120B
MD5d714639e182d24b29d99b3762ab9384c
SHA1bfb37c3066cc7d6352ad5fec5a970ca284611199
SHA2569c035c4e098b9da575f26bfa51bcdab070bfd80c0ae376d75de16e677e9cd79d
SHA51207f9a63c420f7bf5df5d5104d0ce705b5780c16cfecaf227fede4b3cafd3a2d8e293d8e52d5b0d479ca25364c06168b7b110df75bfabc733458c28e263bab576
-
Filesize
48B
MD51f5d79eb4394fd7a2284c33b09ce27fb
SHA14e5e8d09e9dfb859cf8b08bcd5b42975283279a5
SHA2567b0e5531cfcb712a7bf72778493c7f9cbe4aebc063328f313877a1b87beb6345
SHA5121ea4a45cde100dd4f82a3313a22aa4656cbcbf296a4eb4eda01a851d00a7fafc6aea3c0b6794617a905791b6259fa4b3be461cc58321edeec075f881d298646b
-
Filesize
1KB
MD50f030d93dff4587e5d56bbfd60882e5c
SHA12ba3650bbd8814743c59c6a2f4f779c42b56d5ba
SHA256391624099ed008988f2fb560fb32054ac4988ebf9ea19d2e3a6e1aa23906e8b1
SHA512d14a8e73ffa59e949e81a8d1a268c7831bdd784f837260f55aee000ce5535e3b60d5baee14c7c7ee386017f5c0115d4e0c5ab2c81eebc082db7e9091fbaff310
-
Filesize
1KB
MD53248ff9c4b210ce06764706312e5b247
SHA13b93dc904b2024c00fe43fee5e090efba789aad9
SHA256ab1bea2c2bb932009b35e09398633ba966e5bb4a271a6343d20b03bc2ad716ff
SHA512730b87388def2db48aa291f167fa179877856400042897c2fbf8c8293136948be9bce4ba52b24a3dc78f75d8fb229ae1750673f9fd4a5adc23915108faddf548
-
Filesize
1KB
MD57be0dc2ae70a1e3ebebbeb6503b4d2b3
SHA1ec16a1ac4e1027a8c5a769dacaa124400eaba04e
SHA2567fe5b68d33e1d5842c92d4cda184b736704e123081dc674a789194661686a6b8
SHA512f45fc7ffe4f57140bad4ac1bef876fce6c5e40b2873c0f1f1fb63578741558b791a348bf7cd1e63c2fe01f4d74010e8d877fc3b8f58c355e0b25334169056346
-
Filesize
1KB
MD5a8c454f79f57b76b7b0fba7f294940f9
SHA1a6fb11426fed9e5d34800294d1b59d68d9f1be38
SHA256600d506053ec7ed237cc545889ae20565efcaad544107b99095679d9d6b80bdb
SHA512848598d06fb6f1464fb53d21cadcf114a3b4ad5666457f9886c9d2cd9b079926b217c66a27e89d82741114c937480a33189d01c40aec73263c9f61c5f16c8a8a
-
Filesize
1KB
MD5df4494bdaf1a7bd09ee2829e790f507b
SHA18f5fce87960a479b8584d60bb72c1caf1064b892
SHA256966d5c3568ec3e8f05b462e3f4f2b8c96972f2d75dad63428e31d020923be65f
SHA51225075c651fabe2d7e444af4c2859d0d8f6e592905a8c0bccdbd4cff1e02e1b0d60fda75d2c5f8b8f61fca408be99ddf63e3ac4fa0b1ae59e9e1596ce9e5e4c0e
-
Filesize
704B
MD559108fe23f4d8a792e95dd774a34d9e1
SHA1593855931fb5ef39b655ca8047767b3c33eb0082
SHA2564fa6b22e4a36478afcd1c9afaec0ef204c9fe728fccc3077225ebbc6339c7083
SHA5126bf92c3d4636e60f9ea570cec7538f73a8f60e196abe6c613b8409341eeda463318e0d956427bd35fb81a43b2cd880560fe5e2e01aed6e56ccd9bd12e2a2f20c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5aff05af436362c1fd303119e67117d3f
SHA10bbcce8fd59f18dc8d1d78c02ccf901b0c3cf728
SHA2568f44a66a2a27970f0d708bae604ef9b2fa8ea0940535c0bbd11d3e66b19bdf02
SHA512831adec55f47c04f7742d0a52d86a9b9f14ec35b4bb351be4324a9b31c912c059ccf699992294730bfed23a9ecbaac91605ed3b2b13d77c3317a4768ab3ef258
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84