Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/03/2024, 14:29
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://https:/cdn.doubleverify.com/dvbm.js
Resource: win10v2004-20240226-en
General
Target: http://https:/cdn.doubleverify.com/dvbm.js
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (1 IoC)
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{824FD7AE-D53C-4D63-92BB-8E790BFE0A4E} (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid / process: 1768 msedge.exe, 1768 msedge.exe, 392 msedge.exe, 392 msedge.exe, 4524 identity_helper.exe, 4524 identity_helper.exe, 2804 msedge.exe, 2804 msedge.exe, 5112 msedge.exe, 5112 msedge.exe, 5112 msedge.exe, 5112 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (35 IoCs)
  pid / process: 392 msedge.exe (all 35 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / process: 392 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / process: 392 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Distinct source/target pairs (each pair is reported repeatedly across the 64 entries):
  PID 392 msedge.exe wrote to memory of PID 2776 (procid_target 85)
  PID 392 msedge.exe wrote to memory of PID 4164 (procid_target 87)
  PID 392 msedge.exe wrote to memory of PID 1768 (procid_target 88)
  PID 392 msedge.exe wrote to memory of PID 988 (procid_target 89)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 392)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://https:/cdn.doubleverify.com/dvbm.js
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2776)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff01a446f8,0x7fff01a44708,0x7fff01a44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1768)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 988)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4684)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3448)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4816)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4524)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4548)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3788)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1380)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4244 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2804)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5596 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4776)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4928)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5600)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5424)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5696)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5552)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5936)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6124)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5388)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5805542890750307217,14549839813993376767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4616)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4836)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 5824)
  C:\Windows\system32\AUDIODG.EXE 0x3a4 0x3a0
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
MD5 92a7f24503f9052e32c87510d24f9d94
SHA1 885bc8e73d3959770532f7928e76a320ab24fe54
SHA256 4427c1ed3648ed440612c6b21d524e536ec3cc658b0d48ce31a1385e9ed23f5a
SHA512 2b80bfe3414b7eb4d6f69935447a1daa29a9a70e8f57cf09585003ff0108659d60c93a154f265f1a1aa898e059f6a70c916cc0dd5c7798becbe7905e5f81662b
-
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize 13KB
MD5 19c98f2d3cf0df1ced43524157d62acd
SHA1 d71399d27009ad23b60e3c7bfa2449cec6d65588
SHA256 fc7721d36febd1a1e370f0922784cf40361948243999c5c9edf7454ee685a5c0
SHA512 1a992fe831445bc070b410e62c86c1d38fd45d609cfd5ed31f95c60ce7576e3077aa0fc46cd73a7b06dc148d90aab1b8bdcc5b9c71b1c94347030e1cc1f6d696
-
Filesize 13KB
MD5 59bb5e870a95579f7b232fbcc9cff0ad
SHA1 2eb0addc7bdb9646bae12e09a62284a4a746e044
SHA256 a0018891c4d676fcc5c54fd66a031f41a550574f5fc53eb533fcf2bfce405c88
SHA512 8d60458532dee5befbf6a54dd97d2b8296bf8b327a5f5e1b2b7d29a69f5704bf6efbdf77eecdb828840d0b4bcf2b09996144ac99aad57bcbf94163fb313225d2
-
Filesize 6KB
MD5 eb091051b3ace2b69f13d9cf92109e41
SHA1 631fac9ab55ffb05dbed20de386ae19d6da6bbd4
SHA256 f04c2e0ead1aa9793f18fb34a4f191e12e68d5522a51562a7d21ef197cf818df
SHA512 4155ef809db64379efec07ea4b481dfee215215eb2787ad5c8d0f60532079135ea86378ef63b1afef5d542d65f8a909f24bb34e7e06eeb3ad4f97c9f615e2042
-
Filesize 15KB
MD5 cc196fb5f5cb3c1fb3b2add2c10fb5ed
SHA1 e67a0ce1f426f4385f23c17eb5fe2b849c21f413
SHA256 df9b9936069d297d70d665704468573fdd074c730f1884d8e9c4f684d57eab85
SHA512 172a5a8a39856d0be451321086e95a5dc79efbc8274b2e5e06e5e6e57bfc0b5d695d40c9f7d103bcb37a44565468373c73c789507d1e3be8de90f286bec6d784
-
Filesize 17KB
MD5 43a3309161705132fa5f0707d67a0585
SHA1 1fc586b5bb3aa23b948d4315b11fd32c5f4a0bf6
SHA256 dcf3e2bc3c9c16b619aa2c10bc28b0c2bef2f16c57582905e3b8e904c45ca323
SHA512 9522f5cafcbbae7e8a3792e8578e0406048f336b99bb9064419e8ced75b88d2cb1c281108a613a2bfa29909eeb56bfcfaf1d187ab5f57ef14eda25970adf352c
-
Filesize 6KB
MD5 13c004bda5503b4d31ec09d0bb465298
SHA1 e4ce196fef61cc26a41e24939841aebf55fc52b5
SHA256 edced8952138a71a0b683b66bce9a24d677992d3af92c50ce925472beed80916
SHA512 490162ee389c790c3ddac1a5ed961a7705e083334793fbd0525260d523e44471da9964f9320f2da974c36a6917ae5a8016a765354985a06a16598e8983599f99
-
Filesize 9KB
MD5 7680f50a0e8d888b0fbfdd21fbda96b0
SHA1 a3369a6adc4bf5cfc014c12883dd2059b5ac7ff8
SHA256 aed3fead59a64b17e615ebbc46ab4508d7d5e4bb343eeefe743db230ecc23d2a
SHA512 fae9b9caf0806eddcb8827a630c5e3bd4d63d634896d52b2da183f07174df0ec045158b9488c87b6188f07aef61c909a73c894ba7ddef39517457f5ce095a08f
-
Filesize 8KB
MD5 9f89a963a96a01dda3d8bcbf5b61dcc7
SHA1 964bf072079241359db441ad2529798a0f5c2362
SHA256 df7fed5f8552003d0a18ac5b989541adb26e555d3e478f41a107497c450c4a10
SHA512 3a4f1d3cfd843938dc8341a13a623632ffbc719b88c076e8b66acfead957cc6ab0cd1a162750064acb16cc31bce43bdfe49e936d3f753aa68e6e5b3bda0a7c44
-
Filesize 8KB
MD5 4a3f172055820f04944123233ffcaa95
SHA1 611a22b8db59e88ee2c98fd29907e8357d7762b8
SHA256 9531e34c6fb317ab40476435820c848011b00e7a248d9a8472a4c55542884dcd
SHA512 14a435f023753b85fd83c5ef5c65c5106e16fcaa8ceea9da42d8f40fc922f2b2121a24d091c20a4977a1d4b1f2d314aaa6c341c599c48481f97f664b99e68a85
-
Filesize 8KB
MD5 7f4cac516d310b5655ba411091f5b571
SHA1 dddce767357dd2f31c69b3238cf00791cb152708
SHA256 67d6fb0c95f915569fab3b7baee00f71af4824abef1d9b145d55f5a699823dc6
SHA512 ac65077ad67fb94290da81c966151054fd9f7488a7daeba628ee5691b15edab119ec27f9d44dd74c88b58b12c73e9ac2a010864857362632dae3bbbc0481813b
-
Filesize 7KB
MD5 5d30035a5a5b47b80d65f040aec865a7
SHA1 f0721f41db8b76b5c1c9371085b8af9e039713ee
SHA256 0b82d93d4c24a6fae8b63e558914fc2e4576cdb62df06415c2d00eda12e9b03d
SHA512 644549cb71ae1796febe3fe087a117df7cc65771163163c42263d1d6d4d12e3be34140d46c12ae0b543a6b4e5183840caf8ac3059436cb6f0e24bb6b85c94b55
-
Filesize 8KB
MD5 205e07ecb84d3c2a0c121836af2acb37
SHA1 33a373d0b7fa6d679281438f776e34fcca8d40be
SHA256 1227dc121efc8fdfd8c22fdba7c1cfb4d1d5604da41e6fdbfc3d0576366ab072
SHA512 0bb60a8e5a24ada6fdc66fac12b6177d3ed761b0c12ee532707f3bc4936407da845fd6319296e478483451004f0cfc901ab7b13624066bffcf76d8c4dc1c1765
-
Filesize 3KB
MD5 22b3862406836805b03317cf263ec697
SHA1 30cea0087a44ca1e9a71591e4d16b80c374ac2bf
SHA256 14ed9e06ab1e6e4f317a32ab578c1366c6cde76327b8cf46063415e49ef9cba5
SHA512 4e36f348c0d92a39ddbcd7be238500c02e4d9846178f3069ed01fc2ee0ad15eee3241789c28dec2a6c3a3c802ebbb7181d721442d96ba4bb868bdb44ac76ec7a
-
Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 11KB
MD5 a0dad50a30d67ae541d7eb8ec085e62f
SHA1 22ba6619092f1d6c998fef77046b7e034d0f41b2
SHA256 b1e1b867b0bf80b7654c7061e64eb41bb02897d26a87dcd8fa589cee10c94747
SHA512 a145f5ec06f0f5464a138fd2f5fe959328ecfe5619f7dd7214be9bec440a42e6710c443a8c18002a044458dd29128243a92de4e7c0ed191fab1ac33f9b3d401f