Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
156s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
14/07/2024, 20:37
General
-
Target
https://discord.com/oauth2/authorize?client_id=1250715748016324619&redirect_uri=https://servers.novanode.win/&response_type=code&scope=identify%20guilds.join&state=no-captcha
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/oauth2/authorize?client_id=1250715748016324619&redirect_uri=https://servers.novanode.win/&response_type=code&scope=identify%20guilds.join&state=no-captcha1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff75d73cb8,0x7fff75d73cc8,0x7fff75d73cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5385853331573460183,4095888615925353742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1232 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5fc52695a78aa4e8734d73b7446ba59d1
SHA115dfb5759ff566206ebd6b8a864e9e43182d7f44
SHA256fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e
SHA512dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51
-
Filesize
152B
MD5ce971e4ab1f7a51b5b9def5887018d15
SHA12f280b61a4c3297a3129d59b84ae971e90fdf9d9
SHA25612e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b
SHA5125358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594
-
Filesize
8KB
MD51a297367fe90d3745e1426c4e298635e
SHA13acdb841b95f998e5b5ac3eaafbc0914706d201d
SHA256fd6d7997e7bc31b8989101aa322aaf1e8e6334520d1fbc00d9209412af805801
SHA512481d0ac1b8a45eecda2a458a11fe5bccfaef5489fb5cd58d007116df309138e68155b15038852be7ad03c543334271bc5c0eb1afcd27bfc5509f1dbd501bd68c
-
Filesize
3KB
MD5b5df378cf92cf0605c46c1645108705a
SHA12628211973ab6f58188208a9fa362da9e74af5ad
SHA256dfc0d3a06a92602356804dfb5a8853b16807073236c1b802af62c790ccfe066e
SHA5128b358fbde141eb5e92fe93e12e6a92c56d1143b15d0a5a9a966a4a5ee493099c1fe1834a62120d5edc629aedc8f77c4e8e033d08468352bee0b85fecde186671
-
Filesize
9KB
MD5f2faa9eb6da83f5d7e8461d3dc8addeb
SHA120b6d56973a56a35c9658db1dadf73429e96c1b3
SHA256bfbdc8f85dae27a987c12fb82b7e27cd7b85ef5a1fab22b7c8b20913e037cf18
SHA512be2090da08268068de73f8d7deb9b9b7369cbbb3ae82d2a0f9095f61e53bf7696eb38fa5ebac5c6b3611eb60be927e6e6e288feb9aaafc2d7e7818ece7aa3df5
-
Filesize
5KB
MD5a9921d00bdcfd63888d1bd27b3dcd84c
SHA103f4037f1340583401d00add43af086dfccc1a65
SHA256c67ceaf6274dfd5a0a58ad7aa782f1b29125aef07f7dd82b39335e24050b740b
SHA512febb8121dfdd66ab273a12a1823c93cc1a71d86aead429f7457a4edfc567e089717f7ae0ce95172bb2adef299f23d857e719f2a09d663f17c0fa7e951a613eb3
-
Filesize
10KB
MD5f002351599110a369776f921568cb7c3
SHA1cac7815c7425032a3a100d33de613520efee0c61
SHA256aaf8876d41c1f539391e70be35baeb0ba2a706b40d7ee4630e20ff863404ba98
SHA512c54b386952d9362af6e4c0b94c75d6dc5dff1e6430ccae23d33d1dd24faf6eb7b91370508e41421ad575752f5c9528b9089cfd25df282b3fbafad5d3c8e883be
-
Filesize
13KB
MD5ad85538bf5eebb37e0e8b737a12e86ad
SHA12cf751e755deddcc8627381e707f07e72f984434
SHA2560bb5e3391c8c6b1d2e39a6c1c731123e22efeb9814a3614e4279a989b12da3ad
SHA5123196144c862d0eb2b8001405cb4c3b2b949952ee675ebf0c07aa14cac8ba61d79de107d6062ac346f1245aa6b00dc171992bb0ba5fc5c0f1b197b0dd35f402ad
-
Filesize
6KB
MD5e78fb07ab4c177e6bcada6b3b9fc1336
SHA1ebcb9626a4bac9fe01306d15ba484612765b8509
SHA25616e8d5e4e69c93f726e283b886c5137e87c89c455d8626f4f0175156bfb1d56b
SHA512df8185856d78c7c97b7341b666f48be5727681529032e487ad2ce28277b68d24c0691488689211a927dbb2e6ae38f7caa98cb695d8d068e16c9a8c94ee5a8815
-
Filesize
6KB
MD544a47cd501314ff2a7962745e0965374
SHA18e5da59dd9b86703e2eec0f7ce0fa336263d6049
SHA256f2a9139c2f0a97134be684c3cd5464b0ab256bff19abe090f77098a447632939
SHA5121990cb722c090032d8e4b8dc73f71a3c9910be227e65469034acd01a5a7948eaceae0c709dbbd63034567c9016480599036f75c4513d61298178377a8c9a0dd3
-
Filesize
13KB
MD56d215e3a9025fec5e80fa074c89ba7a5
SHA1905b46a723817bb3bd7556fb445885df18e39452
SHA2563fca128724f9aa7ecc5e0f088647daaf1b63ec776f724ae831ed58307082be45
SHA512696a2d8319cf54fe372435a5982f3c949ad49e0e1579195dc07d8dd459b30791e43d39449b05cfbe72aa110bbcb7731e9e10dc17c83c88425168897fbd4c86dd
-
Filesize
2KB
MD53d1c011ef13a0071d1bfaecb55dcd019
SHA1699ca85d8ed18ed1de9c34b5dac1d4e05fd3f582
SHA256e1a63a7c34fd1a3e6f7f0b39021dcb2d562f0762aba959041131b3742a465a72
SHA512367f20e6b05041e5576dfb89d2d1beec7219dd6e04aab5afe1730adda18d7fd5405ddc4644fd25d1f63089e2b3fa45b1571531e5aac864cde12a47d890df9623
-
Filesize
5KB
MD5fd52885a0e0c323cb176b66b0f56c1b3
SHA1a94b37d2b8ca8f273d2e83191a4507b1fd1da363
SHA256a43bc65ff46aee5a746ed1dfe3ae513b45b50a61d87f032304ce84558ddad12c
SHA512ccc4f598c78189adb142e588264341f54f5c993e889e470cef8f926bbe1f07dc22c162f29f234d14f63c7ee9d8caaff1ea0313dc877bb10a82c819f2054a1031
-
Filesize
5KB
MD5721d61582c4cf757cc19cf7b1d227710
SHA1d1a2e3de178b79a27ebf729a97d895219cc73d12
SHA256f83d2cd7723f124cdfe23ed2b6593db63a2d1958342d6308270859d6b3293049
SHA5129ba3cfe521d043c8e6fc55fa97fe4a236cc3eed2ffb04c88a9a17cc4777297bb4c4b840a4e9a7b480874e18abf1e27c92e5fe5c637009c58d957c50b431e9eee
-
Filesize
4KB
MD5b2b5341f7b8ce4be37061c167ab56b92
SHA12c5b185b412c4fe738786c4f57b26110ae4c4859
SHA256668261fb48ab991204aff7d0086ded5e971de78d373e633be13fba249d53141f
SHA5120cbb731b225f511c2808f221e023178d2efbcd53c16dcece7a2271024ef80a9d6266d84452c503ca3e7bca537d5f9971f0f1266fc766d7ccbdfc5c988822ef4c
-
Filesize
5KB
MD555b3f51f76fdac22bb005707521977fb
SHA1a9cafeba55261cd2baa0bd8eaa2310a0fa090fce
SHA256716a1c049ea2663a5e7140e7e4380c02479467b99066b37aeaba3acd8dc4b7bf
SHA51296040e3a014e011b51104cf4c6b316dd94101d14329ba3a8464c9cbb65be4f969fa0f615ffd709569088129c18daad87d7a6631f0c97a9754a0c173e06063253
-
Filesize
5KB
MD5a701d9aa5ef896915411aefb6a730c13
SHA1b9c82676fe49f886d44a722c5ba53b664bd37439
SHA256337f677d3e96c8f3d33eff303e460aa40cb654a4bc9465183529578e3d3519fa
SHA5123ff6638e13ed4838ab67ee8a21b8709e136e29aa221e816de8851148a7a2a9f80132b55ab9e141383d0c97ac2288670d020eed3c3bb8660bc58e7409bb9d76e9
-
Filesize
5KB
MD5b1dcf2cf40eaa5abc39da728d652d9fe
SHA101f90c64899c6a3e12fbe73daa80882de3824618
SHA256441a0c6c5cd4b0c598fcc8146cdf0e88ec36f2480e162a9d2936982dc9c9eb19
SHA5120ebc8dfd47c59b2f3d2491fa56f843bd42400db7e90e3cde1aa30b7ce046a7febba31fc1f38c459dcb26d5d416963c8d0d88dea99adf097c23a1b1bea1db3fe5
-
Filesize
4KB
MD5033b855674f106f4073a216f08104ca7
SHA158797c76539925d918dc6095574203758da5cd55
SHA2568a20494aad15e707d375f66ba9452aaa0079a24141115ec97155cdc50b924d85
SHA5129eb7613e2e2b6c12921879c672661cba580ea74282fb1b1d24c6612d88781c37ba63e94cba31e60a6e46b72047fd2e106ceac823854645e5a958ad8e498443de
-
Filesize
872B
MD5de6ddf16bc6f7b713882ab0fd59b0edd
SHA17750ed59e3352465a4e32d410b0d19eb11882a4a
SHA25691d0ad1a16000282cef2049866ef2041055a515e0332b6a3965af70872886386
SHA5124d787ae18474a305b82d174ec695942d9f07659b8e3f9f47a60b904ac8fe2403abd098db34e04bef6d558a311357b0df502a25c946d0ff1f630cd3471d78fc79
-
Filesize
5KB
MD5ec1a3b431b41157499bb54a7bf5cb750
SHA16f6443212c01c9389c1c0b5e6324f367e914d61b
SHA256ffb1e4848bc0575bbd8c374ac5e7f0a5effb52efb8ea3824a61269cb113defe8
SHA512ae538c1ac07c44dd3c04ebacd58df8a3fbc835e3a0e820fa66cd14b49766d80bd1a4205d82eb49fa6da7eda93b72ce46a804f6462c625bec31ccc328d5ead2ba
-
Filesize
370B
MD5b95ea5cf7cd51b4a5660a7ffcc68b051
SHA14091315d56b4f8eb552bfff859ef8da4a1aa09a3
SHA256c2247f2d2f7d81ab4480641432729aa0e825eb07160a0de6369e865d13b8ede3
SHA512f8df767424f7852f97aeffbe16b539edbc12515b3ad09ec0995ef81392b4cd46a08dd9c7b24f5066b2d1b01a301700dc135b92922e4f52cca5f109e304f2adb8
-
Filesize
6KB
MD5205079877b6b54bb1a9cdbd96f0d61a2
SHA18608194b362e5608df4446dab41adc519f4a4efe
SHA25651a9a8b7927eef5bb20701892292d634617a379f1d5b6350f69a709eb0f0a8d6
SHA512ad4d4deaee4f76d45eae90f157cb7b6a9ed0525f035f3e944b7d04e3749eecc1a40596b83cf581fb05b125951af20d9a18f508518fa747dcd81e593754f1d88f
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD52c7e8e832e800d7ecc32d15b424f769a
SHA124485ad505aa3b14f9d9a0ae6f4405527f01e506
SHA256124c555ffc3c839ed8744a13fe5569662f9468b83f40cecfb9009b97930e381b
SHA5128879714145cd89c38c71839c413769630a472299f47fbf929ccbe40c0e8ad612cd93422d5c4a03176ec29c65f375a0fe44e8c4a8580d673c98bc1e86f9e524c7
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84