Analysis
- max time kernel: 1680s
- max time network: 1685s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/07/2024, 10:46

Static task: static1

Behavioral task: behavioral1
- Sample: bUNjkIKb.html
- Resource: win10v2004-20240709-en
General
- Target: bUNjkIKb.html
- Size: 2KB
- MD5: 0a48b881aeb046ebefe266af67b13bc0
- SHA1: ba4a9b03ac7ecd99bf27ef79f3870aec36d5cf15
- SHA256: 7155e9922b846beb8a867d928dde0b1cad2292c24fd9ddfd566cc63f03276bb1
- SHA512: e74d66c0d7dcc2d010740a9509d36962f4338b050f6e6c50a47496c28f8663c674d9634dca09d9c28c995d3fa7bf287124ee77ee273703ce817420bb40a14242
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1344  msedge.exe (2 entries)
  4356  msedge.exe (2 entries)
  408   identity_helper.exe (2 entries)
  5708  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (27 IoCs)
  pid   Process
  4356  msedge.exe (27 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4356  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4356  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; the report repeats one row per write, duplicate rows collapsed here)
  description                       pid   Process     procid_target
  PID 4356 wrote to memory of 1748  4356  msedge.exe  84
  PID 4356 wrote to memory of 3932  4356  msedge.exe  85
  PID 4356 wrote to memory of 1344  4356  msedge.exe  86
  PID 4356 wrote to memory of 1712  4356  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bUNjkIKb.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4356
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb870146f8,0x7ffb87014708,0x7ffb87014718
    PID: 1748
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    PID: 3932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 1344
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    PID: 1712
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 4960
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 684
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 1128
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 408
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    PID: 3184
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 4336
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 5024
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
    PID: 4644
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    PID: 4380
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
    PID: 5112
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
    PID: 648
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
    PID: 3256
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    PID: 4552
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    PID: 4932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    PID: 3428
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    PID: 1752
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
    PID: 4776
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
    PID: 2044
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
    PID: 5036
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
    PID: 4744
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
    PID: 5204
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
    PID: 5400
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
    PID: 5412
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
    PID: 5464
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    PID: 5600
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
    PID: 5676
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
    PID: 5756
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
    PID: 5968
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
    PID: 1856
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 5708
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4028
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4236
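Every WriteProcessMemory row above has the Edge browser process (PID 4356) as the writer and one of its own helper processes (crashpad handler, GPU process, network and storage utilities) as the target, which is how a Chromium-based browser sets up the children it spawns rather than a sign of code injection into something else. The helper below, added here as an example and not part of the tria.ge report or its tooling, parses the rows in the flattened one-line form the report renders them in, rebuilds who wrote into whom, and labels each target as a child the writer launched itself (with its Chromium --type role), a foreign process, or a PID the report has no record for. The (pid, parent pid, command line) list is transcribed from the process tree on this page with the command lines shortened to the flags that matter; the parent PIDs are an assumption, since the report draws a tree but prints no PPID column.

```python
"""Triage helper for the 'Suspicious use of WriteProcessMemory' rows of a tria.ge report.

Added example, not tria.ge code. It answers one question a reviewer asks of this
signature: did the writer put memory into processes it created itself (normal
browser bootstrap) or into processes it did not create (what injection looks like)?
"""
import re
from collections import Counter
from dataclasses import dataclass

# One flattened row: "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>".
# procid_target is tria.ge's own process index (84, 85, ...), not a Windows PID.
WPM_ROW = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<index>\d+)"
)
CHROMIUM_TYPE = re.compile(r"--type=(?P<role>[\w-]+)")

# Constructed sample input: a subset of the rows shown on this page, kept on one line
# exactly the way the report renders them (one row per write, so rows repeat).
SAMPLE_ROWS = (
    "PID 4356 wrote to memory of 1748 4356 msedge.exe 84 "
    "PID 4356 wrote to memory of 1748 4356 msedge.exe 84 "
    "PID 4356 wrote to memory of 3932 4356 msedge.exe 85 "
    "PID 4356 wrote to memory of 1344 4356 msedge.exe 86 "
    "PID 4356 wrote to memory of 1712 4356 msedge.exe 87"
)

# Constructed sample input: (pid, parent pid, command line) transcribed from the process
# tree on this page. Parent PIDs are assumed from tree depth; command lines are shortened.
SAMPLE_PROCESSES = [
    (4356, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bUNjkIKb.html'),
    (1748, 4356, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7'),
    (3932, 4356, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2'),
    (1344, 4356, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (1712, 4356, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (4028, None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]


@dataclass(frozen=True)
class MemoryWrite:
    writer: int
    target: int
    image: str
    target_index: int  # tria.ge process index from the procid_target column


def parse_memory_writes(text: str) -> list[MemoryWrite]:
    """Split the flattened row text into one MemoryWrite per row; duplicates are kept."""
    writes = []
    for m in WPM_ROW.finditer(text):
        # The description column and the pid column name the same writer; a mismatch
        # means the row was mangled in extraction and must not be trusted.
        if m["writer"] != m["pid"]:
            raise ValueError(f"description/pid column mismatch in row: {m.group(0)!r}")
        writes.append(MemoryWrite(int(m["writer"]), int(m["target"]), m["image"], int(m["index"])))
    return writes


def count_writes(writes: list[MemoryWrite]) -> Counter:
    """Number of rows per (writer, target) pair, i.e. how often each child was written to."""
    return Counter((w.writer, w.target) for w in writes)


def classify_writes(writes: list[MemoryWrite], processes) -> dict[int, str]:
    """Label each target PID:

    own-child:<role>   writer is the parent and the child carries a Chromium --type flag
    own-child:untyped  parent/child relation holds but no --type flag was seen
    foreign-process    the target exists but the writer did not launch it
    unknown-target     no process record at all; the sandbox lost it or it is hidden
    """
    table = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    verdicts: dict[int, str] = {}
    for w in writes:
        if w.target not in table:
            verdicts[w.target] = "unknown-target"
            continue
        ppid, cmd = table[w.target]
        if ppid != w.writer:
            verdicts[w.target] = "foreign-process"
            continue
        role = CHROMIUM_TYPE.search(cmd)
        verdicts[w.target] = f"own-child:{role['role']}" if role else "own-child:untyped"
    return verdicts


def looks_like_browser_bootstrap(verdicts: dict[int, str]) -> bool:
    """True only when every write went into a typed child the writer created itself."""
    return bool(verdicts) and all(
        v.startswith("own-child:") and v != "own-child:untyped" for v in verdicts.values()
    )


if __name__ == "__main__":
    writes = parse_memory_writes(SAMPLE_ROWS)
    for (writer, target), n in sorted(count_writes(writes).items()):
        print(f"{writer} -> {target}: {n} write(s)")
    verdicts = classify_writes(writes, SAMPLE_PROCESSES)
    for target, verdict in sorted(verdicts.items()):
        print(f"target {target}: {verdict}")
    print("browser bootstrap only:", looks_like_browser_bootstrap(verdicts))
```

On this report every target comes back as own-child with a Chromium role, so the 64 rows add no weight beyond "Edge started its helpers". The same function returns foreign-process the moment a row names a PID the writer did not spawn (for instance the CompPkgSrv.exe instances at the bottom of the tree), which is the case worth escalating.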
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 75c9f57baeefeecd6c184627de951c1e
  SHA1: 52e0468e13cbfc9f15fc62cc27ce14367a996cff
  SHA256: 648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f
  SHA512: c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15
- Filesize: 152B
  MD5: 10fa19df148444a77ceec60cabd2ce21
  SHA1: 685b599c497668166ede4945d8885d204fd8d70f
  SHA256: c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b
  SHA512: 3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef
- Filesize: 22KB
  MD5: ad9449e5c3e35f9b03a9be3c0720a9d4
  SHA1: 8e952fbaa26ba1b165e807f530bca0be108db4bf
  SHA256: 537f4e532a9fbd88df3a59c65ba5ac67fa5e73a41bb701dbf56894c8ef3a72d2
  SHA512: 6d0332da0500c678e3819546080e546dba6524ffd8042439f0924ee5a460d14ebb48823d5b710ea17bf4831f623f8937f67fd9033616d2838ef89360c231f7f4
- Filesize: 38KB
  MD5: 31f95c6c861dd854263854a5b054a21a
  SHA1: 20c49d3566f95686a3d012b259012ca4b88ff7f8
  SHA256: 3cbc8210e6a1a9a5521ae8e5831219c0a9f5c337c805fe41dd769ee76e4e52af
  SHA512: a8b1a01406c71499a2c993c5b00234c8db390e98af4d98d554add3f93a1f2d8513fcb3ebbc923f758a93d5ef31c0683a01706160395c9072f8c2d7bea57c1c43
- Filesize: 22KB
  MD5: 9196e81f8ed7f223d765423c1f9bc8a7
  SHA1: 88f9d5c2a6908cf36b8daae803578ca9e1fd2929
  SHA256: a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe
  SHA512: e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8
- Filesize: 68KB
  MD5: 66bfe390b6a6874ff84fc45799166e25
  SHA1: 0a4bd30e2106d6e57ef9d234394c75dc4ead6bc1
  SHA256: 717839367693a90b1b9151d8b3e4df18dc3fc5e5b7ec8952c2a22f76d9b4535f
  SHA512: 92d65f853abac12cc20a1b34c8405893135653bf2e2cf6c292b5328eb3e93c9a7b680bf2534af8d5fa522a24afef32a04527e84cf31a288362378f0e2c509a47
- Filesize: 47KB
  MD5: 01a815f69f87bfdc3c02d9bfb4731e2e
  SHA1: bed2f558cffb34e51f1d70513adc2dfc74af0ccd
  SHA256: 216be4b56ac0c2d9ac8923ff4870fde36d91328a9974d94959444c9ed6cdc6fa
  SHA512: a8deec491a7c3e2d5798994df60584cd69c3064409be37b68eff704c81caee8207f43daab592ebe73a644482d3daad681e1c7c4ef9a08c25c7fc6a0777c9ead5
- Filesize: 23KB
  MD5: a5872638c5169b68a6286607917466a9
  SHA1: f331d15d00aeb957e295a32ad84032a61a67f31f
  SHA256: f3641a320a56174b560b1b5a2e5d9af26662830fa1aae21b4fe35104db957187
  SHA512: 2614d0fa8c019120dd97b6a11b0f8c03f6700b4a3662e0ae8edddbc0dcf643c6538ba5957f0810780f437f930a4b26228d2e00f8b7f0f5c1b0ade0a745131516
- Filesize: 19KB
  MD5: e3fff76e76fca5045aba3184f9e242b5
  SHA1: 474f16c68c475375a03b6f8eca9dc68fdf925b56
  SHA256: 44715d222a790b28ef723457564c7160297cdc2c8ac5ad55801b764c9566caf6
  SHA512: fdf510ce4a33ae264437009c82e938b0ed3fce8b02ebb8c018153ddcfc4511d5f65f00dc0dfe09482aee1a3f76e0873d5aac23e7dd40aeb053e419b1cb582ce3
- Filesize: 229KB
  MD5: e0f369b578846dbd57e05e6882142b52
  SHA1: d9725ec9fa2ebcf3c55361f69a7e936beb949f9c
  SHA256: 7dd73e2d2fd4d8bd1a155cc2c5b3bbb0e83d03aaffff91475f05d86020e770cb
  SHA512: 6bfce123993b5ecae3366a909bd96ca95dcd1264da9f57604f201a19f74bebae5aa58d888177161cc3054d5d49bd505b698ef84e3aaf56cf2a53b0c1ada0c684
- Filesize: 29KB
  MD5: e465f101f881b07ccfbb55d51d18135f
  SHA1: 0d76b152ea1ae4aa68db36dcc7bd204acdc571d3
  SHA256: 6f5ebfd0fc9a520adca234fdd34b4dfbeb106942a6f44e65fc1ac54f7d2d6498
  SHA512: 2c1f730db5108dde4731f22838ad7eef4d6698ed5ea0c0951b81b21722df8051623923672c46f9397f81e74741cdec794f03aac37e532d1223a1a1ce448c73aa
- Filesize: 25KB
  MD5: d0263dc03be4c393a90bda733c57d6db
  SHA1: 8a032b6deab53a33234c735133b48518f8643b92
  SHA256: 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
  SHA512: 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3
- Filesize: 256KB
  MD5: 6dfa4adb07e230eb92a44386cf37a260
  SHA1: c739b1819ce71060b4d9fba1a6c5c93de6610ba6
  SHA256: 88cb61ce72cfc2b148c9d0e0da740c1164e01511347ff2f027aa3fea444c384b
  SHA512: a2294edcbd2f0bf8689ab0ceb1ad201933803dccae8f245da9b7d4020e901e7a75a43526265fd66fc66fba9cc1774a5faed374acc819648c716f18e2b5778db7
- Filesize: 58KB
  MD5: d64e27c255582bfdf91a0031e15098fc
  SHA1: efd8f560e9959483bf5b3ac2f32d45e706daac7c
  SHA256: 9aba33a3527ff6136556534082c289e8ad7d4428c3b79d3fae7c31e023a7b967
  SHA512: cdc6d2656b9734bde82a2e7edbdcb4f6baae4cb447f0f7052090da822327aa1324907f2d789c4391cc342cdc483d499c1be981b8c74bf7322be05ed3795e5d4d
- Filesize: 50KB
  MD5: 1271a1c5d6f720a7e67d7baf824f0fff
  SHA1: bfae5896c4dbe5dff9b950b4e767293b65101b4f
  SHA256: cdb2472eb6fe9d7ccb0f8bea3c2a3d71dda7622574fe24e8b0daf7255d4f2599
  SHA512: c88bc90e883ab09008bbbe5dbca421d79d053f68167f7cb5b830a90db4652b4fb277126ca95aa93f9256f630c250de337039c2e6a7d8dc72ab10fb1edc1da46c
- Filesize: 51KB
  MD5: 3fa8c23b89d34fcc51359db6d0551837
  SHA1: 69750d3260f6f371a516bfddfe15ca26cf068f44
  SHA256: 4218aacba68899324cbb3f9b7e09967916e41477312ced5dfde41082c6e147e6
  SHA512: 27dfd1aa035ba829b8d76dd8f8012a98dcd06178a9bcafc32a82886b7b06affbd72afd2fb093749a719b43a61a966165d991a2a377a939da24649da288bc4688
- Filesize: 40KB
  MD5: b786554392ab690a37b2fc6c5af02b05
  SHA1: e7347fa27240868174f080d1c5ab177feca6bd84
  SHA256: ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51
  SHA512: b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567
- Filesize: 21KB
  MD5: 586fbd03a7f8e8efcfb44c02a0c721f3
  SHA1: 9be4c35c9e97db3dd6a6d16604ab58c170f70232
  SHA256: c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5
  SHA512: d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 624B
  MD5: 908a123a5af4de413e210b3259b9d49f
  SHA1: e1fe3aab7c0b88285432dfb09dc2d604b600cf39
  SHA256: 95ad67d9734722362d3ba2821daec5ab8ccf7246a89c1944c329bd76d975ec75
  SHA512: 689e031e941e0aa17e4d33d2ad2d59237d0d5d83df911493122d0b3701b7be3169c54322707753b71c0ae13c224ad84ebce9bd709c5feb01eb281000f0a9d40a
- Filesize: 1KB
  MD5: de48c57173f65bec3154b76f1dd7ec2f
  SHA1: a2ad4c790b67802e5724fcf01af26d3172d403fb
  SHA256: 311a15db9a9152403ea67377397d7890c97a8175879fd625c291604368f6df74
  SHA512: bd320168ede5c34240c228ec4616c044cd53fb1c01a0e01ce6ebf42e8004a8cb5f2af94564fd42f94a7d8bf09e014a8cd5b0a89acf42d547a8c74ff6f86802fb
- Filesize: 5KB
  MD5: e716bebe5852cc798112cf72f9579d6e
  SHA1: ce3a0f420aaeea25f17486863031777e8bc19e5f
  SHA256: 18b6aa0e4773b69c0ddae638f1f2e736b306b313d7bdf4313ef071a11f5c7b0b
  SHA512: b8ed73ed37b2a0ad29064f570be263f875b5838edef39f314ea43642b3d71755d4261753f3050792087f58b83bcf7982d77c4c0ee8530deb42be4987271d4022
- Filesize: 6KB
  MD5: 702ac8f4f8aa38494cae79d55c3be5a2
  SHA1: ca8c1ed6cdb4297dd9f27e742b014bc6c14549b6
  SHA256: b95ee1668108349041f6b10dcb4201d16306b43384967c9e7ec33d913950edd3
  SHA512: 780ddacdc4e7077ff215c21886f42ac28c1b93ff981b1138676de8824e69f9a31bfc51e9a020e8d0fa5bbd4aae9774be96b3de5a7e9f659b887736d972850c78
- Filesize: 6KB
  MD5: dc5d2de0cde5f2ca8d795f5b2a985e2e
  SHA1: d582098f2f724728b9eff83f1a7e7747c0917615
  SHA256: d73e41bb807c3f57a73922dffeabcc0f295e1b3668afc6dfb405092e46d26da2
  SHA512: 1315505abc604902460791aafda4f195f2afecaf95f90db3780c3c8d91ecc9fd329efcafa51f996c6a954a66572ed98f41ea0e9e493c825f6525a144177b9ac0
- Filesize: 1KB
  MD5: de8d5458226a3f2869524526e9e689ce
  SHA1: a28fdd1fa7714279692fc39eb3044be7ef3422ae
  SHA256: 7b226444bbb6cb9e024c3b3cb539707f267e3dfe9aa66d6166eb068cae604c79
  SHA512: ee268934058ad6e3ae67a61a02fb572f85d1bbf935c05283ec9a850bbe55e8af5af31a56764e508360d63925917248471c8964e81e00d00417fea77d06ca9c2e
- Filesize: 1KB
  MD5: 8b01fb54cd1830e762586ef164c4deb6
  SHA1: a29291551f90a13542642d4d5f33dfe513f2fb7d
  SHA256: ebdae3c6475fcb1a1c5b0f70a1414a072ab5217869b787d913b406e96ac1dccd
  SHA512: 5d20b063d58bb245e59c4822efcf691919aa43a36a246bc53cd037535e64690f126c3aae83a5c111bf4d3b2ebc3ed27081dc5757abc69959abdfb7a31f324fd6
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: a8c7b5d67fac32d14151a46b113430e4
  SHA1: 6b4270150a0b177f6da4e6274a452c9206204717
  SHA256: faaa4e21fd292d9d7b80bc8e7987bad8a6a0eb59d4c164807203d34fd5550d02
  SHA512: 059d329d6b2cbba2a09c232512272364d93bd5bd4859729661b11f2e9ff9d99732d2995a0be20a78dd59e1bd1702016acd1e310b31b41d0953d057827e012d1d