Analysis
-
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/05/2024, 15:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://viadeo.journaldunet.com/
Resource: win10v2004-20240508-en
General
-
Target: http://viadeo.journaldunet.com/
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
528   msedge.exe (x2)
1412  msedge.exe (x2)
324   identity_helper.exe (x2)
4928  msedge.exe (x4)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (36 IoCs)
pid   Process
1412  msedge.exe (x36)
-
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
1412  msedge.exe (x25)
-
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1412  msedge.exe (x24)
-
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 1412 wrote to memory of 3480  1412  msedge.exe  83  (x2)
PID 1412 wrote to memory of 3592  1412  msedge.exe  84  (x40)
PID 1412 wrote to memory of 528   1412  msedge.exe  85  (x2)
PID 1412 wrote to memory of 1620  1412  msedge.exe  86  (x20)
Processes
-
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 1412
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://viadeo.journaldunet.com/
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3480
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3592
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 528
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1620
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1820
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1432
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 928
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4400
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3364
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 /prefetch:8
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 3996
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 324
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4964
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1048
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5320
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5328
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5704
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5184
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4532
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5136
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5148
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5156
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5160
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4364
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5276
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2336
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5472
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5264
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3996
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5640
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1240
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5660
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5236
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5232
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5260
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5224
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5280
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5284
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 544
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1212
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5496
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5780
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5704
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5652
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4928
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5639149994728765445,5559211618145035467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6788 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- Image: C:\Windows\System32\CompPkgSrv.exe
  PID: 2900
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- Image: C:\Windows\System32\CompPkgSrv.exe
  PID: 4500
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 1KB
MD5: 55540a230bdab55187a841cfe1aa1545
SHA1: 363e4734f757bdeb89868efe94907774a327695e
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize: 149KB
MD5: eef3c24d5515bcbb081bd45793054587
SHA1: 24d534993b06b25bdbb747f16a000f02d447fa3b
SHA256: 7db187160eeaf67046bd91c267a8b3d71d47a9608581f303672261430d9bb895
SHA512: 582cc561dba852bbc2f181f5bce8f0a8c0b6010c2cf61a692f1df9aa9d91fa6738f2ebda797794c390b9e804edc1c364e59ae5f17c2adcb385f1392830fe56bc
-
Filesize: 21KB
MD5: 0eee2e7bf41a97db89d6bfeb556bccbd
SHA1: 78746f8f31782474d03e4c3c5d23f4c9cfb14820
SHA256: 7e30a5ee24bb953c4b919ee408c0f8e08c9aff7d79907971d5e8eb1bc10782a7
SHA512: 66bc55ac282b48c7788a40b2ba1351fe998e062298605eaba135a9162b226aecd91b8a69e2e0a2fe19e59a81f2301d8af6d11ad2da568af5bf1101cb6e8706f9
-
Filesize: 59KB
MD5: 601154ebce598bf3e106d1bdf326260f
SHA1: 02f4d3a5921b958a76e3026157b886f8917e2508
SHA256: 681b00dd25a2cf5bdef2eff56ac8fcbbf48572684d8a21b942221b1c6435c4e7
SHA512: b4e78c4857752fa461708831bebed7ad74858b360e677b5131ea62fed3c2a26583733f6d921e95c6fd6b7a25905340de7d6a405329ec12dc4f9ffdb95789d868
-
Filesize: 16KB
MD5: 65c60999eeaf214918f49e40fd5d4ee5
SHA1: 1688ed2c013165de6ddfc5ef2090555eb0efe3b2
SHA256: 4fc7b1873027d601bebf3a706fe49cb1231fc087f7dbfe2c8c89f5f9b2e7a93d
SHA512: f73db738a9f0306661e986395fd99808df8e9a18e36fb7cd9adf48a91a3c16f795fbbbc428b9eba9131aef2ea072e5c64fa0c9fba47f85b06b0af896dd617145
-
Filesize: 228KB
MD5: 3e52c9dab1abecb5412194b03a75b52d
SHA1: e4d586dc429205d8b05b95d9538de92e275d6e80
SHA256: f5b153736c93000ef2e8c3cba6c2dab68dcf9d356de620c89fe5537750b17e0f
SHA512: b63d96abaf985b986a7ca42ce66c07cbaaeeaaf4d168f59b97a9bf289095b2b448a82019479ef81895049ee50ba5702d54608415556b8081862223c85c504240
-
Filesize: 24KB
MD5: 1fc15b901524b92722f9ff863f892a2b
SHA1: cfd0a92d2c92614684524739630a35750c0103ec
SHA256: da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
SHA512: 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75
-
Filesize: 206KB
MD5: f998b8f6765b4c57936ada0bb2eb4a5a
SHA1: 13fb29dc0968838653b8414a125c124023c001df
SHA256: 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512: d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716
-
Filesize: 88KB
MD5: 792f81584aee1d7604aa4a3c886052ef
SHA1: 79c1ea5d5d515d78135e5e5947a143a72d46fd12
SHA256: 05cdf70894cbd61a37c6aeba99d38ad0f32ae30d78186e4f340b3c900861ad6f
SHA512: 6efe84416e64b5b5bdf127781772bb2fe8d361bc19c2548692b0e91846ac736e5ae596240973d425cac64b0538969673e53796e355c79f8fea27b95c25e2743e
-
Filesize: 29KB
MD5: bdcfed56131a72bd10b85bbec015d50d
SHA1: f46d407d2494627617ebdb03ba5c1eaae17c1417
SHA256: 92c701712d4fba194b11340cc9595021b31475d4e19bae5c97d2b551ab07afea
SHA512: 55aa3591986b38a8f32b04660acd1b3245bfe45044dfdc980817258d8d417d37dbce13f98c1e1faf27fb27c5e7b4de26d2396bea161e06cf66a76c1b8cdb7332
-
Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 16485a3c49999305e02daf9a0e4339e9
SHA1: 3da6dce5333f1acf1bcc2b6123cea7fa5debbbd6
SHA256: bd8dfcd1ae3ef9f5b6a8d44f25bbfe88833542450cc7ff3ac422b93d2a44d491
SHA512: 56fb389d6d798c9e2de5714b994bea020e83e78249b90b952b26837c8c5a7eb0256bdad6ad83dabf1da441d035e3ccb7b71d65366abfa2be262c3f8f032b36b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.journaldunet.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
11KB
MD5954a62908417443cd2da7a0b0650a780
SHA14371c2689f479fcfeaeb5ea35f861234ffd24913
SHA256700f122489f8c0dd0fa6ae5abfef18e14a60a0dd8b2574a2463d793011f13b51
SHA512067897058b14f26865153180d78da7425673b5894d5c9786f99ca9d500c5023e2af048e76c998462bf514a62d34d9dc270ca864f887395da9753aeeff59f6f12
-
Filesize
11KB
MD5e325c7fe4dbc8ce46e98bdeaee5d88f0
SHA10d339eba65e074592ae19dcaa787dd3ecf912930
SHA256b32bf89f359ebd2e3a8c183b745034339683c368b67323061f0105861caae3b4
SHA5123d84fdeab6d342c3687cd051d52424319a746a8f78523602d96017a3a0684b72e452a551a05f6207bdbbe1cdec191644e3ed6a74c189f1dd0eb2f6fadd084dc1
-
Filesize
7KB
MD5298f6f1f7941cae35b6493264212bdea
SHA12d103348cea6e1be9b814a518fc2cd5bad376db2
SHA256836238f5d8c57aac977f5a2e590f2d7fb4652acdcd0418d5a359360d9a56e0aa
SHA5125a0617cf7f2021369cb0470afb4f50ddb2f50e710db774c816b64304bb3be97bcbbe0458ddd233b06686e85e43cbcf8259f326814d8ab64fc11f53506374d674
-
Filesize
5KB
MD5b9367598f2b8b279e02de8c48400e3da
SHA18fe2b35a092488ccccc094b622d0973553b0ac0e
SHA2564ef0e43445d7eac607271e093c64582d11d9a498a6f11fb94bc1c267c46af4e0
SHA512596a1ec29e907d49aa52a4a29af56496a98f99d055187779af71768c0ceab66d60deaef90078598e95e565c4ad5134eb66efeb44c8a4841e862c694a0fb649ca
-
Filesize
7KB
MD57fac598e238bac9f4b59ce1c06782365
SHA1d7694aedcd6a17d8d453693601fede428453ae75
SHA256617405736f3ec1d5e6f54bbfcdfb052db06cea58aefd4480eb32bd8f1c9ae8b3
SHA51288105faadc210dcb09fcd0f8de0d6c76b78c7cbc24e32844435f17efa81da7f64174f8cc30548fbb4e2e11b8a3d8c479a43c257bdf1b53f2f6cc5bac8d237c48
-
Filesize
15KB
MD5c5b900ad0cb13c97993bdae17534390f
SHA1f604e00b43939917eec3151824371490f4bd4622
SHA25604631efb5163d92b27feb38ca44a0ba62d956ce5f213880b7867bc0956bbe9d4
SHA512310aa486632e0213ff765196c2ceb0da37c00dab969d031c64e51a8c125443516e0309b7246bb91118a229e380a39850adf67e11d111155eb0501cbd45c658a5
-
Filesize
15KB
MD52785a6f5909950e3dfb3875bc5b3d929
SHA133f5ca35bfd2a8298503555d97e2f2fde4cc1bc7
SHA256db39df49b83901e15a6e995d53406f65a010e55236c4389bb9054a002df3669e
SHA51217c663bec915b73803f4cc74a75d7fee16779bd45c713c88739246c6edc54dcba7bb0a9863e3d948438e1c5aed0f2a005eaa20b9f6851ce190c1f9741f18841e
-
Filesize
872B
MD554f5c86d907ac7d1c844299995130294
SHA18af2bbc4a21c68465a489be29756a913eb150236
SHA256997222f064604916273f28d864a1aceef85460c718db172d755d91312cc23b36
SHA512cc2491b0135c4ef63d9d204204c7f13bb2554e55abc62cb1c6810ad628be608118d930282f9c59023f3951123b73a7d7eea45e6b2b12e9fdf4f55d9a2f885e29
-
Filesize
2KB
MD5e3a89151ce9d481312b842cbb529cd27
SHA1cbd399ec3c146eecedb9d69d9aea92da91b1811e
SHA256e593f8a20fcc1845162a9831f54306ff8a541924322b290fd406776cb26f8501
SHA5123f722807c6674752745d6ca0d644ab035cbf8e63d495fabda6ec0429c6d7805e61b011ef259fcd92236e994241918da1765ad77219ff3987179801fc2d067f84
-
Filesize
3KB
MD5becaf94469464e053bcb66fa8bce4e73
SHA16af5e27dd402e9232aa7b7efc687285b0dbc641c
SHA25646980db08bf3c957acf25d6277fef78400d35475d44618393101ba9d923a3f62
SHA512afdde841abb81377a323a26e87a391688aa552483df0c42317b1465eaaf5316492f8f204df669de45db65c2777a58637b52e5ee1969e65e1077400d69b0f283b
-
Filesize
3KB
MD5c5b72374f58181ddfc425f4cc977c859
SHA121fd742b37903abcac9cf296c04ac10889e1a79f
SHA256858fdbd885648d7c2f9df83fa4c0ffa1f06d8016e3e4028e29fd2e7a74811b77
SHA512c25c86c1822aed16c67a4cacc61725b91ee652d13b72923c38b4ab8abaaa7c997f0ce68a256cf571a0c61f57d69abec57ad1998b290fe99f82e2c1964738f1cb
-
Filesize
705B
MD5c747d8fe43c03b30a7c644d69ed5cfb2
SHA1ef4ade972279be191cb61d03302966dd3144c1f7
SHA256a81a174fe93dee1ffaf78ad76fe2b786ddb5b9f3d1d49bf389185b80ecb50783
SHA512e3732eee87eb4659f4a8563518de3c83bfe301b4b8e0247b87e24afbf059404db2def3ba68e246882680259565254176acbc3cdbc32cc780ca98093524d7a826
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5737aa04363c0181309ec7b48c98ea693
SHA137e415f9075829b80100bdb007da456b0673dacd
SHA25660c0cff623939dbee4d71e3078f4c151fbb97daf74b3cb4e28246db0fecfc65d
SHA512a5aacc4ebe765cd2d7d2da7151a3de291386c894e2261f732276b5ba3018a45cd1f4d0436ff32ee5f3be59d6e90a524dfeb80b42b8529b95318b5dfa0ea633fb