Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
-
submitted
20/05/2024, 21:54
General
-
Target
https://browimeto.click/?up=e2a82bc944060d36243d5&d=1&x=102&down=b70dc785141a5c00a9eb9465&p=Mafia%202
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://browimeto.click/?up=e2a82bc944060d36243d5&d=1&x=102&down=b70dc785141a5c00a9eb9465&p=Mafia%2021⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfa3b3cb8,0x7ffcfa3b3cc8,0x7ffcfa3b3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7012 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8788 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4592 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,74135022155788896,4798227893210520881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
Filesize
230B
MD5a33c13aab26c2ebf89f6971c7ec92395
SHA1a68c78431776208c9055046e54f3057588104e54
SHA2567a8e57f1042207a90e7f9df8177b796cfb2245a96636ac999f202f5214fb0596
SHA51224b47dc44cdc605b9d65f7eff42be2dac10cb5300b80af47e08dfa3150183dc9e24a1d1b527262318e886eb526f07f1651eae5e00a2176e194307d960978be95
-
Filesize
330B
MD56c420bb800fcae096fc9cfc8184f02a9
SHA13f2b35f0efa30b7adef09d6c324c7ca2c26c6591
SHA2562284f8112a7e5942aa11aad6e3002d5cbaa73482ea2dbf0bf571002eaee534d5
SHA512647204118c854ba33ac53fc5f5b0529e438d183c4c7da33747140d556de2b60c80ed38e1c23a9a154f492b81a80a114c387e590a99153d8e64b4ef7c3ecf9c58
-
Filesize
330B
MD5600ef7ba70eeb116dc1ec2af12fece5f
SHA1ce6b0f82800e9fd020e6e62a433833ba99765923
SHA256ff326a8b75f4d017c191838c38ce368ae4c6b33992bd7f1d8f33857fc283295e
SHA512d5552ef7229591bcb74b93f17366dd1b71cc5f8cdaffc7e0de06168a685be02035a11a1d47db37ffca0cb9e746f34f445fc7e7949ab8e1aed67edace0baa2e80
-
Filesize
330B
MD5c3cca86c384d094252264ec74f1341bd
SHA1303cc29b4d6f2fe3da9d7a38740e7d8e57ffc314
SHA256dbca8435db95780166fefe1a1ee4cbe5e69a7e049332784025818ba180bbb598
SHA51225fdb2cefd44b1d7dfde5358008894d8e97ed3b1d31aef90ec427703b692309e827122a286a165ac1fa356630404bd5c21d24158206fafa758c500cb9f058d8b
-
Filesize
152B
MD5de47c3995ae35661b0c60c1f1d30f0ab
SHA16634569b803dc681dc068de3a3794053fa68c0ca
SHA2564d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7
SHA512852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb
-
Filesize
152B
MD5704d4cabea796e63d81497ab24b05379
SHA1b4d01216a6985559bd4b6d193ed1ec0f93b15ff8
SHA2563db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26
SHA5120f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d
-
Filesize
7KB
MD5e24489a8c857efe98fa496298b49d39a
SHA1ed8033cf7ebc4261e3cf2f7e7cc4f3727f0ca875
SHA256db04e0eb482bc578f250971aea74ef66cdf1ceef0ef6e806991b7d7813304102
SHA512bccc7c396ab35deb80ad389e8fafddb7ecc9334efbd61e541856ebc338550941a2f9b469aac1afb26c9215dae41330f1e9a8b0f8d744b93ef094dd05e941b680
-
Filesize
456B
MD5502e71785e8cf45ebd734a2eaba2ea7a
SHA13147ad5d1dcf606eb6531e4165177e7c09d16c38
SHA256f37b941092341f0e9b362bdcdd91143d31cbe1410f301e8afe7c6996fb5a6d3b
SHA5122b875fad475917538f83bce55d9c60903d77bf79c87cce88fecfb170dd5df1104d81b1f56c62db20ba14e5c8ea7b1d3ce9b39695874b9952740d7c20a9b9a9fe
-
Filesize
2KB
MD58e4ef799c37441ca11f173db3ce08980
SHA11e26971d9571666bd12fd944469a2b3697a3a87e
SHA256d68940d48c96155d148f4d90dfde4777ef8e7e932a4d556e186afe238c3f7ee6
SHA5120c6aee133df4e1ad19fd677540258fbfd96be8de10d4fa8d39f7d22c124a26125cab4209f88887a00dbdf29395f79e73f21daccae98260db00f07a257425968d
-
Filesize
8KB
MD523703a1212a5f02aa7ff0e7c6780bfc7
SHA1ee8087429a335303ed0194f5b85888acb9fc4c43
SHA2563cb2acf73cf3020328423cadcedd88fe2b4f91d33264f396064fc59007099b16
SHA512e1a45ce1771f44b827cd37bdad50d391dedec24754f3a6db955ae39c58ece41d5fa3da7f746bb9c852a25157597bdf72a01aa423d139a2d23383d45f220dd7f4
-
Filesize
5KB
MD5afcd4f88d123efbb71be9d70b4c15234
SHA157bcbe06b18d7e593e7820e36e21e5899a199823
SHA256428d4b286cabd094198c4b2a05d8093d8667f0dfff5beea43bf80e696eba1638
SHA5121eabae699e0d79b7b53b0511475b9a46063be955a8a9414a0b302f24f583611155f145e2fc65f2849fdd90e9226c7687006b263e35d95887801affc7e0b3f8ff
-
Filesize
13KB
MD54f828cf8ab670e4ccace2e4e8835ba41
SHA185473ac877cf06aa9db0cb6b24bcdc1e4e75371d
SHA256f01542704e25095deb2e4f1bab2e774f2ed5942456aa394d353f11868ee4d65b
SHA5129fbb27a05d025c74fd2e4a9ef52f19d85a9591e2cc37529b11acfa5cd115c4db0d0fb7d365116bd8b2704ed1e68262cc787114994fd969f5a2502ba76e93ec99
-
Filesize
13KB
MD50411d6c11eed2d53ed91960688bd1a8b
SHA101cee59b1777037c15a609b62fa690753d22ca8b
SHA256dff4d4947c605a8dfd32eb0c622b7676d5c24f2746b721f2ac9f2118f4f0b851
SHA51254a4c83509ae453558e12adb5b4565e453bb0a8c3c046b7efc84d22184d7f4986838a154cd9fc6b8f4953fd7c1d7f1522db5cd55a7ceeefc6359e24ef32f9572
-
Filesize
13KB
MD59600e14d3d4db359a7d400f30daa5bf2
SHA1b24f1c1f6a0d50089784800ea2068c1aac230f53
SHA2569e32c4bac5a4c7386427ad87926b3ed8e7ea52cbe0468e5ca3f257ead091cf0c
SHA51247b2d6f09c00e9538fbab4d454a69422bee6345a386d19efce6678a023c04e84f2d1bad645fd3b3090706421d57852281028c8ecf7b6ce9f7d991ed2da130ff5
-
Filesize
12KB
MD53571dda765ab7ab5a2882b59ce644244
SHA117816a3e6de68b0c0e3305fc100af105ff280a12
SHA2568368831a423479e602ddb897b8fd076d9010a5d7b9c15e38ac37d2413a0542ff
SHA512291ad676cfcff1c77c0f522b7cae33a3c3f1929307ac5429c2da572480c5a09c8999dc9fbb939a3d25a974b2e28e994474e5365e260a563fcf6eb77c9b6e27ba
-
Filesize
13KB
MD5dea82a14d3ebd920c1375c6fe1eca95c
SHA185be3dc761e42ed17a45871a71c92e86bb7f4900
SHA256ce9de5d11cc1e9e400184788e9edae07bf30fb832f3f2a2a220c4666fd5c6660
SHA5126f263195b5eee3ae7b4c6ccaafd517fbdacb26157a23b071e5e0cd4e6e76b501d23243384fff082d675486461c2295465b3139c26211716db4ec497ef71257f0
-
Filesize
3KB
MD5aa197b4db61527fcfcd6b28bd9ec5645
SHA169c1a93dbfcb31a5d7d9ced039591ee47167bad2
SHA256608510835720fab911f402a8a1289e6fae5f3c6aace28ea27c3371b58c7c1a1c
SHA512a62bff13ccd483fef5193a9cf212785d497421067671ec5f7d7ec0420c1696ad8a2c2dd8458f493cf1d35ae71065224bf705078f8c5984d16daec5b7e58e7f82
-
Filesize
3KB
MD52c23aafb9247b18ebc466a6247879e7a
SHA192543b371d4bafed67c0e3ccf9dc20f7c07457a2
SHA256f226ac51168d817f683472592fcdbbc8efef3ce86e8081e20a5a033ff55617ad
SHA51246286ab09cde7f07e88395e06fb87917cb37290e926a52e537eaa32b6bc5197a811051971279ba5625fde31988631f2d73afa01e995e6c4d1a1624cc22648bbb
-
Filesize
3KB
MD5c6ade6863a62cc3af8d13f8ee0267247
SHA1955fb4a9c7fa3e7215b467fe040fdaac4270fe02
SHA256b6bd9789d40afd80922a39bf0f01f72491f91f1ca14648bc03988ece4a3cb4dc
SHA512d619f8414dad82f57dd748aa04eb7210082cab345ef950f0292ef86cc91f1508162d91d64f51518978967580811defb78d633ccb4669ed198433fb5be85936c6
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD52f68f67ca1678c09bb64b568fe8f3621
SHA1fa03df3b4294b501ce462ec15a3e4152497e0732
SHA25662b260da711e34b959766867e5d480aa181404a814261d2aece2714946fc69b9
SHA5126ad117efc63326d8fa61fe13217881e2551a9f2a6ec1e625a7d776a90c8d518b65a7f6880952abe9429eeff198ff68fee1248f8e0c940adcaf7466cc2768b8cc
-
Filesize
12KB
MD5395d2cf9b3ddeed0bbe6b30a8b3369fc
SHA1f3e87c6af02aa5b3e7161f5c6504574a7a9d6637
SHA256cc2d99074017cfaaa55e0abb1da1a3a997218c26296d09e758051b59b28dba3a
SHA512fd5e288bfa3568d627934f29198b078f59e5235d2e9d49d10655e88ce44ec084f1a52e567feff69de1100fbe8410d43f3035628864a1953d0eb57545f8674ed0
-
Filesize
11KB
MD5ed1b77b7f20499287054e0c7ea46c3f6
SHA191ff7a18d24069e7aaa2770346c0a158b002b8c4
SHA256e87fbd605a07bdc04866dcbe5d0d384c6dec486c5105ce370e4cd921cb3086a3
SHA51286ddc3b06a080843d978be255864fd5868eda8fa85fddebb1f65b32d1bee6ca5f2aa858ed67c46ae6ee45470bb2242770741876a4a61e9475ae76dc13223e714
-
Filesize
10KB
MD52cb9e3f89741961748d38d15dfecc8fb
SHA111f89dfac73dfacb194fa01bf6e7fddb38c1f6d7
SHA256e76dcf1390543fde2ae6fd8263e90df10923df9dfe78a5fb588a50654577fd13
SHA51220557311d13320d2f7c8bfb99e49c8af30dbcbace0faaa5101f9ea893a017a55100bf2b3c466c9d9cfe4fa8a8affcef9223a870abbcf571492fa90abd0e748f2
-
Filesize
10KB
MD50e1bf269017cc7ac2817fb849debbb3e
SHA14b0912ae955b3cdd00a9babc4d55d2e64d8092c8
SHA256f2df08a8d1cec91f16b3780772b18031139c619394bae059fd325a7a15f2827a
SHA512c7eb9de3a208c4a9944c6671fc94c5654a1cd7bd59c58dd297a579b35ac2fffc093f0eb3c274691f13d9d7c5dea72e091779f43b13f0982053ba654767712cf4
-
Filesize
6KB
MD507ad20e408f8ebd6b8385b87e3b6a454
SHA1ab53a26f47ada0ed53ed2ff80ed4c3afeae26ef0
SHA2566c7aca652e204bf6c9c1a2a6147ab2e7ab3a8c8d301e4681154019507c670adc
SHA51276ca2a18a7d3af61f8dd66be76152e4513b9337b5eb7ea3a27ec2b2011eee29f42ef17d14e6f2fb7fad4f2111659053bc9aa834e1830c16c6204d813b2318dba