Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
24/01/2024, 19:07
240124-xs6grsgbc3 824/01/2024, 19:00
240124-xn4sdagac6 824/01/2024, 18:50
240124-xhc3gafhfl 824/01/2024, 18:46
240124-xesnrafga9 8Analysis
-
max time kernel
621s -
max time network
636s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
24/01/2024, 18:50
General
-
Target
https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://bvpquz9.com/win/tin/udeh8z/[email protected]
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://bvpquz9.com/win/tin/udeh8z/[email protected]1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cce346f8,0x7ff8cce34708,0x7ff8cce347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5128 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2116,1669632113923286802,9193297299100732006,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d5564ccbd62bac229941d2812fc4bfba
SHA10483f8496225a0f2ca0d2151fab40e8f4f61ab6d
SHA256d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921
SHA512300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025
-
Filesize
24KB
MD51d1c7c7f0b54eb8ba4177f9e91af9dce
SHA12b0f0ceb9a374fec8258679c2a039fbce4aff396
SHA256555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18
SHA5124c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2
-
Filesize
26KB
MD55ecb80095883c24bfd9c4cbcdd9befff
SHA1758c3bbd590472b9e4081ec43daa329aa9968a23
SHA25678a93e882fc0cdb81e3ff4f5e87ae03339898c5ed7fb170ae5a510709f328de8
SHA512d2c90f6769a744db504d451b0477c9488873b2421056e51fb37f610f7b3a1786178a00f8c158d8bf82cf7925844d7748333875b3921bdd09b90dbf41972ef9ae
-
Filesize
69KB
MD5c33c3755c9bc5c370e51bd72a524da35
SHA17b4d2ef2b5e0188562afcd4c87060a809a7d2919
SHA256e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113
SHA5127c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
89KB
MD520b4214373f69aa87de9275e453f6b2d
SHA105d5a9980b96319015843eee1bd58c5e6673e0c2
SHA256aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820
SHA512c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54
-
Filesize
1.1MB
MD507c7b8e8f3b421d1ebd3008be2e2bf66
SHA1e45b739cb288a4f48b8f2f282e91d0ad3e6cdf90
SHA25676ad75a6f78af7c5747681a3eb0a7bbd55022b0e2840642630761c55588e2b55
SHA5122f5b46a57684a954064d232d922894ab7fc3662352aac60717ea6b172db717c34faf3d32e81fa8640f39a55efa4399e702d74e17f48a3865c2d85a6b4cc11c01
-
Filesize
2KB
MD5b8a0deb39eae5d5029b81d1a0ab5986e
SHA196ed9a08548a70838dd88f9c3ed6bb707251b71b
SHA256a4b2fd5a1c63b6d3f21d1159f632c617fd6993b7957b8f478589d7d132a1b356
SHA512797252d2354648450081858c790cf7027e188b8295492369df1516c4956587cb1ee99eae0a2a9cb16877976f7ae1c6566d8b824a8f5f231c680b84691f89483b
-
Filesize
1KB
MD529cfccb92fdd2a9f35a62a7c4aced8e1
SHA17b5b12da1968b354a9fabd38aaeb4fe71df12cad
SHA25606123a60b14f9084641bde4b8049809034f29e6aac3cd07feabcbfc35133e657
SHA5120852ab66b1acbfb6711b41e4a1db3470cb2c442ffdc3c2185558d59736992bec56c1dd70e51e3feccc4d03dc9d3086a11d7fb3937216774d6f54a9ad0d11cdeb
-
Filesize
216B
MD5009eb52c0771af705723b5b355b91224
SHA145f9101a4d3820e08f34fbf833a663ad7165ebd6
SHA256b80a62c1ac5cc3c44c556d0551a12ba060aab21db486afe48484f6eeb7e17190
SHA5120a632208ecbdc28d292b9741ec343990ecaf488a914e812e8d4bdbb40d629a290f5835b7c8799cd7cddf916ed9a7395f04c9a95d55b851ddc14aba8a1a855605
-
Filesize
849B
MD51f00bc18cfa475a6f72924a687d26972
SHA1b0a02135d581ce2cda12019714e1d807fef9052e
SHA25627502f907404514f7806888956c6cc8daf6060d7dff130247bf8de0ae8fd4457
SHA51233689cc361d513cfd8ad621fd94396c076f66dff6ab31306ffed1c55b8d6febb67598d3ae60e38290eae64627c5dd2d07958fa2fb7c7da79b78e7f5669b8a5a6
-
Filesize
2KB
MD5ccb21732239fcb32615735ece75da56d
SHA137699c04412ab79a28893339048ecdf697d73c18
SHA256cd09653eff192283411706094f4174d1042cbf2d4fc66a48b20c5def9d551481
SHA51225f17cfcc52dc08b5c60bcc471553c245266949bc5e5792e8f719face4e2f0dcb830bcc2fdbfca6b55a5c63b2e9ab1d2dd567c434992d380c7b602ed9c28653c
-
Filesize
3KB
MD5f50b14112ae4d3817631e86a53cbcf80
SHA1ad0ad4534e7b0507b6e179c64a31c1abb7dd9fe3
SHA2561181a52a6d2413d39283ba49874ff9813b8bad64e3dc3d4f06aa04cfb5ab4416
SHA51231ad8700c5cf715a94b5219469bf31660ba6d0805376b2c3cff8915678c7bd2610c20cf954593a13bd8b082adc49915b18edee36a42373bd3b2881e72091eef9
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD55b45ce6922e21eb97eb34f001c453381
SHA1a81b3542c2b1b9165ef1afa52271871a87076dac
SHA256befd421eb13d31f967137980b5b65f3d0b72eeee95d9af3ec1fa8d6fedd5186c
SHA5121c8b43733e44ca08d1cf21fa378ac949a60bfd5e82ec2dcd1cc997a4879f75be9eddf4a9044e2f26929d5c5c76bd26d7f54e12de120e5ee2fec773226571edba
-
Filesize
8KB
MD56347c3df6036be2425ef1a6e21bd220d
SHA161b5e1cf0e5555281d27187b13f7d944b89572a1
SHA2567ea948fa8096d40a1da8b5c3118c6523d3a7c8af136e94817c0481e3933c1ac7
SHA512c14976c99278f6c967cb46722e3bd5627484cb661fb1dd6aed4b5c9eab0d4b435bbe9bfb9a871cf37f8f778347d33d9530172744844aa012f31a07afe98a81ab
-
Filesize
5KB
MD545193fc8b343de96799c05e4e0033c4b
SHA1d7f04ea04fabe1e22957f65323a56f52551229a0
SHA25666d8394795a634d0eb821e2fa6415cfe331dbb259e2671bd0e51d7fef3dfb86f
SHA5124b50e3d4c4461d0252ad65cf3945842a838b5e3282d49566fe164a800b7e82e42c6bfd0147adcbf7681e43040da718920dd6edefbb06efd0d60b113f6bfd54a2
-
Filesize
6KB
MD53e646316a3db254a604dea22dc2da13c
SHA1576ee994d88dee953acce53d5e9fd2f69405158c
SHA256e6a9249a8e7938148436e94d0a60377cf346820819f3da01d6acc935636c9b74
SHA512a462b84a31670edc05785d8f70f4c2a0c78ecf898b6fae53d9d9521d702d38a8477d487234c4d7217503b8d0076624dc28b8160340558fea99d497d11657b92a
-
Filesize
7KB
MD521df9661d7199236f21cf3f89df7b418
SHA100f8867f33da606c5188973cb122054cedc6016b
SHA256bfc57bddb7e8e0f9fe886e8ca2ad56b7103c7d17ba546088b42d2d402c6e92a0
SHA512aa41f8a3bf8f46f8479de16d4a09e09b6f46959efffcadaca46c8026c1be7ce7c397da28f129eb47efeba2c1fcadb9b4aa9812bd7943e4b68dca9195ec7183d5
-
Filesize
8KB
MD540965511244c6cbf37b6047e96bb8e3a
SHA174df4572ac977bb697352f838d8911faa79456ba
SHA2561f89983fe37a894a8f384a726349d6a56de1b46cc54adef7cd38884ee01c9e32
SHA512d71fc433719a3b886d417a29aeec2b284cb95f07069bad34537b8c2b5636c185d6838005d8bf0301c3077b3b95ab18299a88153546f3a42271478f991c15db4d
-
Filesize
8KB
MD516dacefcad21368162a29c1e9fcf3d27
SHA1a1d8e724a8829b0d293bf74734c1f10a166176c9
SHA2565bef305caf41f05288423a27bae700e5b7c42ea0cdc18b130cd64c637dab2783
SHA51266dc71281de503ad082eff1b0b51bbc801254f5a5deb1e3256a669f41f01eb6bf1c8516006e33392ed8133630fffd24ffd8b3f0810d7bcd38edb280ff8e6d505
-
Filesize
8KB
MD5d13c8ab857f18a0a780baebb5da92be0
SHA1e34dd6dd1441f47a57139efefa40035ec9aa213c
SHA2568bd98c4fef13d5f7bfa2fcdb959bd62e43c0f91df24214966258d5e19252d07b
SHA51212a844c67677216d6fad9aea49b694eecb0b8763e589990064ad3883087da59cebab73e4fb168360b9290749e7577a423b9a6117bb02c998c4c03c8b578542d6
-
Filesize
370B
MD50ae51af2d66b27e4569a67de7c1748d0
SHA1a0c92a7ed2585f0cc159b88ac312f85ee033e0d2
SHA2565416aa4ae591e93716f96042532fecfd2ccd4b4c4b76b6180bf2fed059fb95b6
SHA512f1a0b4eedd5ff45e86cd96a88d58092391e1559b3fe9aaff02116b757c9c2a38188140251ae29d8bad26749a1f8e7f5f53b04052e8f751bd78dba59a6a214995
-
Filesize
1KB
MD570ddbfc87afe3ef7a9a98057db005a24
SHA1e1423800194ce036692ef01ac2f6b717f1cf5ade
SHA25626f50352c8dc2af4778707a43e3b614f2ca6293d9701c71bbc484532e7a9a6ab
SHA512039da17648ef62bd2343bdccee27f137868e61895b90b1194d89c4b29d465753c3080d9603ec4b27562dcd36dc2c737b4ec02ebfce99e8994407b6e3ffeeaf99
-
Filesize
1KB
MD59e911e339f618abb91268266b618eb11
SHA1acc0ac6f90c7888c617e4539c2e3cc3d8f6d5ed9
SHA25666a1ed7d15f94a525f9ca377381b60ccfb04b43f7bb3429dbc99c3e019a7267f
SHA5126c9b407e781d87ea3787f904d6c20b7386e6663f1f5bcdb3bbe4e537f96a6159d4815414482fab50c5ce1bb80287b285ecc78d8e3ca42f245dc53ca9c0ab0465
-
Filesize
2KB
MD5230742582ef79058bb4072c7cc70caf5
SHA1c4826d2b6c55060c4d28cc1fa32d9badf31a1152
SHA256bd9d7b352a1602d25dc9f41092d3c93cfa9e42a243ac1f8a3adc38abeada154f
SHA512e295aa1219eeaae4df9eae2c8d49a63bb47dbb56f7fdb7af55d27b9dea0fb0f3e9182eadf73b5ac30ec8efdd3a3d3d5565b71f513da1fc610b39481a64284792
-
Filesize
203B
MD505714f95da143ebbee92039c04dc2d57
SHA13de33b4449b942d5d12aca70045686e704d24555
SHA25659c3761ed2913882af270fab9c9170757713531076be206eb465c773c5c9bd57
SHA5123f08f4511601e01d86884c739040988de84278b3c68b3bf23ee01715bfa87fc933b6c86045a8c149f20d6195402237b31e120d485b77592e6c0bebb6d8f87149
-
Filesize
6KB
MD5b98e7a871646472bafb2fb23105ef285
SHA170d18b30fefef5ba10cac69d0cdaae749b7eb7a3
SHA2563378730423d1b7bce794983a255be4581af80e845ae2f7e8da1a7c054eb78ff9
SHA512f60b6e250f4b4c760af62ddf6ac8a1779f1db631912871ede7920331e22b69c70f16bdb3692e7c308ad423e2c38a9ca9f3edd714c0ad3cf7569baefb26e58158
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD59dee140a5e6f7a58fbebc8b4dbf26f51
SHA1fb009af61af0cb597d2e009ae5cb39c9b653f22e
SHA256c44b5be3a24c955f28c77b9cf16bdaf4cf1eee24f68ebecf4617ab8760493f51
SHA5125152db24ec3e252fc01b51a785304a6e44e414a2a4b085d78f9f6ac5cfb04b98810ce30f20b9468d249ae22abdbb2904637f33e9a342a06e829463b70a5abd20
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84