Analysis
max time kernel: 1680s
max time network: 1688s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/08/2024, 01:49
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240802-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{550ED539-E8B1-486E-B093-108759AA45F9} | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid | Process | occurrences
4720 | msedge.exe | 2
3472 | msedge.exe | 2
1700 | identity_helper.exe | 2
3668 | msedge.exe | 2
476 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (19 IoCs)
pid | Process | occurrences
3472 | msedge.exe | 19

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: 33 | 4864 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 4864 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | occurrences
3472 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | occurrences
3472 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 3472 wrote to memory of 560 | 3472 | msedge.exe | 83 | 2
PID 3472 wrote to memory of 920 | 3472 | msedge.exe | 84 | 40
PID 3472 wrote to memory of 4720 | 3472 | msedge.exe | 85 | 2
PID 3472 wrote to memory of 872 | 3472 | msedge.exe | 86 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1604)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5204 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1916)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6960 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7032 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2188)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3164 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 224)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5064)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 4864)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x48c 0x34c
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads