Analysis
- max time kernel: 61s
- max time network: 65s
- platform: windows11-21h2_x64
- resource: win11-20240709-en
- resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 15/07/2024, 11:38

Static task: static1
Behavioral task: behavioral1
- Sample: roconomybootstrapper.exe
- Resource: win11-20240709-en
General
- Target: roconomybootstrapper.exe
- Size: 547KB
- MD5: 76314ec560a481bb68544d7ce11e0636
- SHA1: 71224659f9b4092b2a95d8bb8d78fe6fc9811d65
- SHA256: 40f449f0c1304362405e1c19d806118ecc47f9caa58ec85f92abbdb2b6ce196f
- SHA512: 2cc16c7f11911bdc45c0b204c9bc37554e7c110bc52b88744def92d87896409a7b9060ab979bdf043185ef42f84e08fbee81206858851dcf1de006a524fd71e8
- SSDEEP: 12288:DGwMHPDD8c/hkQQTnMOdenCg0seI418w6yFot2wkda7Em:awYD8KlInMOEnrEklyFoBkkA
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  832 | msedge.exe
  832 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  5044 | identity_helper.exe
  5044 | identity_helper.exe
  3148 | msedge.exe
  3148 | msedge.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  pid | Process
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: 33 | 3088 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 3088 | AUDIODG.EXE

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe

- Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe
  4916 | msedge.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1464 wrote to memory of 4916 | 1464 | roconomybootstrapper.exe | 82
  PID 1464 wrote to memory of 4916 | 1464 | roconomybootstrapper.exe | 82
  PID 4916 wrote to memory of 1644 | 4916 | msedge.exe | 83
  PID 4916 wrote to memory of 1644 | 4916 | msedge.exe | 83
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 2984 | 4916 | msedge.exe | 84
  PID 4916 wrote to memory of 832 | 4916 | msedge.exe | 85
  PID 4916 wrote to memory of 832 | 4916 | msedge.exe | 85
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 104 | 4916 | msedge.exe | 86
Processes
- C:\Users\Admin\AppData\Local\Temp\roconomybootstrapper.exe (depth 1, PID 1464)
  Command line: "C:\Users\Admin\AppData\Local\Temp\roconomybootstrapper.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4916)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rocono.xyz/
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1644)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc4ff3cb8,0x7fffc4ff3cc8,0x7fffc4ff3cd8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2984)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 832)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 104)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2856)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1708)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2376)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5200 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4620)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3912)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (depth 3, PID 5044)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3148)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3520)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1516)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2796)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4204)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1624)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4660)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4972)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3320)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3232)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3520)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2720)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3584)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4552)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2460)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 124)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4776)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 904)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,3192348545751792444,11934241576218293642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 4852)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 904)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (depth 1, PID 3088)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004E4
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\svchost.exe (depth 1, PID 4152)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
MITRE ATT&CK Enterprise v15
Downloads