Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
90s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/08/2024, 15:08
General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbGtYeTVuRjZlWEdaOGFDeVpLQzVGRkIzVURMQXxBQ3Jtc0trakpGdG9tOVRtSWFVblo3clkwUDhpcUVMb1pnVk50ckdoQUFKOVlLM0ZLc3I0YjNCTk0ta080V2llWTZBN0lwZkppODIzMVdDcG5tRVBvNjlRSWFqdE9mMk44VmR0N3VWQTh2eGtYUkRHb3QyQmRyUQ&q=https%3A%2F%2Fzaptosis.com%2Fpiano-2%2F&v=LIA9RhSv2lc
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbGtYeTVuRjZlWEdaOGFDeVpLQzVGRkIzVURMQXxBQ3Jtc0trakpGdG9tOVRtSWFVblo3clkwUDhpcUVMb1pnVk50ckdoQUFKOVlLM0ZLc3I0YjNCTk0ta080V2llWTZBN0lwZkppODIzMVdDcG5tRVBvNjlRSWFqdE9mMk44VmR0N3VWQTh2eGtYUkRHb3QyQmRyUQ&q=https%3A%2F%2Fzaptosis.com%2Fpiano-2%2F&v=LIA9RhSv2lc1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28c346f8,0x7ffc28c34708,0x7ffc28c347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8904 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,5493046350496058675,2428429398706512584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x3001⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
Filesize
20KB
MD5631c4ff7d6e4024e5bdf8eb9fc2a2bcb
SHA1c59d67b2bb027b438d05bd7c3ad9214393ef51c6
SHA25627ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82
SHA51212517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
12KB
MD5221fef201b0caac5556f95b48f680c53
SHA1b9202f4676f9e4b4ae809a76c0e9354f5f298e26
SHA2568ffe183fce8871318ee96c40e12efcaf4b8051ee0437965612d706af74df6192
SHA5124af1f78685d0551268b252761dbb7a40999ba90cb472cd83385dcbd84186a27d9e11321a8392f8b334badd850f7ba23914515dbcb595e55e2f0142f0f7b88140
-
Filesize
6KB
MD59d17e2594fd88ef22aaa4a72c7412c83
SHA1bbc3c0b24af55700f6b5777d6c890ceba6e93d63
SHA2567f4d7fb7339f0951227dfa56e5bee2365d505d81b2380287e5e27447f7b8c358
SHA5121a57b2573a406a8a20673b4d85be80beb6c408de91e2842f30e6b87bc7889832499deabd9490eba7b9df7f397ae69bc1802347c710d319c5e9dc30f33a0c6e62
-
Filesize
14KB
MD53ea2df013effdc833eccc0f6098083de
SHA185c8ce43727953770031bdb4a62832faaca40a13
SHA2567150a05efdb825d461c8ad56c4fce075b1bf8841389d1aea721d9c0c81d2baad
SHA512a600dbaa2e5bd08a8bacd14b2335acd3fd621ba2dcfb7f80ba326cacedd92b920edea651a482981595d31f3670857c9a5f4ce93da04a8e0f0375225d7acd9bea
-
Filesize
17KB
MD5871b532c8df13e2149d01d887aee1e00
SHA1ca65444a828bca4d27ac0ec566b3287fb2a1dd3c
SHA256c978c8e0b9d405639593fc2a736c903e8fb8f6360b9969162882f0ff4b04ccb7
SHA512af65b37881b6257392878e12df0ea3af25c2a231f1224fed4321e80c98b70bb86aa00334bc47113bb6294e973180e6b33a5ea3df165e47c7d1204fb5342dbe3e
-
Filesize
7KB
MD506b721932a890e8cd64c1b64e5c614d8
SHA1c3e5fbe7d7dec762b3f56409966946209e0f0a58
SHA2563b11d2ab92ddd958333a75de3f7345e5b33382d23d6570faf350ae9655d3e59c
SHA512f292b13ba9a4bb82c94721869661563028495ad87969ae102942cb1cf1c9a2d80ef612e5e3fb913a435edbb38ce436fe35b1e89668846536b12f5562117d3e93
-
Filesize
6KB
MD52b83ab8fd68ba92da7625fd8e3659f8a
SHA142865c6575362a6e22330ea355de8adb1fd1e44b
SHA25657e59eb1831738d3a32095d474654128c88f508b25c7ab2a89f770566a96e1bb
SHA51258cc4ef95a02c59bceadc3d42869ed36e0929ab63391ab63a62e866943555618ec922a99e0362cc49acc167fb2705c9a9628b13e8560c32d5f12636c2cd4b1b6
-
Filesize
2KB
MD5f2da95c92f4269da3562a13679cb06db
SHA18c8a7ae5f7cd392a18e69ce90791cbf94ebb5051
SHA25654b1fc4f47b322b7cdd5f4aa1edc44951379e8427315acd75e11f117b901173b
SHA512688b2930294a6b746ccb481af5c7916c97519a8c86ed0d264dc23a70c753754db2531bc52dd2300af4bda4d7b2af0d66ce3fd90ea13b5c4a9dd708f3ecc5f484
-
Filesize
48B
MD5d8a171f0bb436e956dddfa23d001bad6
SHA10ad819db7dfd258e90780e2b1e8abf15c8626838
SHA25641500d51dd78d7f549de205d3e3da3c43a8442420ee4cc2b395483a0c1b60cd9
SHA5126d68569a6a787a2afd5bd970461565750b24acbe88a33e819dbb183249855aff0851e00cc479f820b583943875a21dc8cc6952fa17330b7d359e195837f54a00
-
Filesize
146B
MD5b70d5f81c96aa2095aaf74cb2ef357c5
SHA1be5a9f1eec5c52b5cf24ee1c5a7f7d303fe44807
SHA256c30c26e09bba481aa914f2b3d07319079e12f83e19846c20d925fb7b1a020b8b
SHA5120cb5bc852fa0b3682704df7226f5d3e9df2d5b7eb0b475578505953203528c1c9781b221bb3f1ccdcb0267a3e18e951b86ef17ca2de7453dec04a1adc0b8f7f6
-
Filesize
82B
MD56a199fc71f6978215985fdff764cca33
SHA15db7f90ba8828c7d1bf91a52c8b95f7987bc6015
SHA2560c3887fdbe2b3d8891685b256cbf9892d95d0fd4d4d381173f2078c33697048d
SHA5122384dafe7930e9cdb61dc1ec4804223e187a798f26d4f78d62e2014e1c3b0f1b6156af9aa79c520eb82fb7360c9e41f666c63f0d616c04322fa0d881a599859a
-
Filesize
84B
MD586f8f50a9db24016b41818df91e78129
SHA10ba37ca020e342b68c2f25b584f495c3100cad54
SHA256e379c38b18e35e103e406d1b2df9739c2eb5db39cbc54fa71887fa2c659980ef
SHA512aceb55ae63241d049379dc434b94fb8e68b66df7b9bdbc96fc2fe41b08edf415459233aaa9f03c55481434bafd9f53d08656b6fcabc1e2dca94c6130575217ac
-
Filesize
89B
MD5f5893f65f4f005b9a40c71b5b599cb05
SHA13f242a2652e0cec1690b5071ed06b3e5fcf2db8d
SHA256cc673854efc4210a8b2a4498b5e606e64fab153da1c283c120c908e1275f4766
SHA5124857a65d51d792480865174f350d92e619c664ab6b48ba58d1b19e5b57f7d99cf75af8cb8f06b2c119eb07dba17815fc7b95512d8b39be8ae83386b65ee9a83d
-
Filesize
48B
MD55cacbd4817a5f2a85a0aa9d660be678b
SHA16dc577333dd95e2c147cae97ecfefb4a4d91d2a9
SHA256f0c80b06c4b3e46c715f6e18a02461ff557d544e8e2aabd94d51ecbe47c7eae6
SHA512830d6bbb627db636af917338c449d26c65d4641e02f5c133b7bd379eb679cafffe787401e21005ac7e78ccfb0b3773ae4910ca01ec64a18052300b9315b34d15
-
Filesize
48B
MD5522b885ec5cfb77dea50191193c1e773
SHA110c446e6f678d8c2842436fe9705b46158e21a5e
SHA256c88982b2f94e5a06dbb44c879cfe4612de7ff761b76951fe881723987ddb070c
SHA51255d185c5031ba90d9a633033585ec38c42d04b5fa6bcf1d69f41229ec78c72f95ec0413ae4409a5cf238538842cd09adb436fb548aad68c17f6ed77301ca95b4
-
Filesize
2KB
MD5e624e2e4fd8432df69ff28984d4b95a6
SHA12763d60b458829c3875b9430e0dc2445f50fb4f9
SHA256d416fb02ae818b794577d9092d1752c6602220cb38e1c7617b2f94bb8a2f4181
SHA512829579286f256fb707c99ba65efbc77b376a524a34fc89abed222d3560109f8b4723bed327b7b1d8eb76cdd909b8c0c1bb58a54c4c2eb4d101af8f49266b92c9
-
Filesize
3KB
MD56b8131e969459852838e68f4000445ab
SHA19a19bfe95902a4557d6083f58ec76513d5e2b13a
SHA2564de9cd096a4f9f9edecac9c9568bf8d2effd7427b544765bbf69a72bb48089f2
SHA512398bfcaf8dd20477ae2be3b684a3f8d260ecb56361e698fe155688ade13c83f31f2bf93c7ab2cb601c2911568c54e7578a70f25e7de1f9b5da46e6913e42c658
-
Filesize
4KB
MD595ad36b191521d8ed1ebbaee7549b53d
SHA1c94da68440fe605f1cb451c5cb9364215cf8d9e6
SHA256ea36882d6a8d4b318fb54b83eb63e793434b6a5ec29786eb0802d2a65d406287
SHA512c6cd41146334357b270c1d4c804559b31e129966d7cd6311bfcf91b190ceb80baa945f2c30364116dedc797fff738b64cc13bc787d7ca5ec566a358626dd26ae
-
Filesize
3KB
MD578a90c2791d360628287458f500d1768
SHA129b72f71e57b73932c8fe27b2b7455c51002655e
SHA25606639faeb528d2df08225a36563488a4605b0321d825f504af1a262c030e84ca
SHA51201f608ba8c89dc18c3da4991cd4b2260344ddef55d982e580268c35d2196489d0d12c30291311597cd51ad1b8099838a8fe00566dd7891361f1d30c76546a555
-
Filesize
372B
MD5cbb7eb3ed49c734813f9206b44ead525
SHA1fa5a35f93e8243d793e4849914a0e9943f0bcb49
SHA2568a95d5896f53b63ec1c30732e642efe35ffde4795ef82be3724804bacd15fd7b
SHA51288ffd96cb92a78aa3df538d7223e331d06d3e821c785b862a015ace7d763bbc18cffcbd99fb7d9351a1efa5e69bd02bbbdb32bd809ba68c3b46a4f78bfee4b8c
-
Filesize
372B
MD5e43616a1296d8026b4e03a32b06e2946
SHA1ef19103fdb069b28fa890e758b3d31662cc1417f
SHA2564269d8bc6882894203dbdae54f9deaec40b01589c08403f67fc8e197bc1364e8
SHA512585c97ced08a12e729450f2712a9fe14e6907600e1e36d4a9f45e1f8bf8e3c758004737344fd6b6c0dde555590730c36f1ab741a5bf9b85f17ca6aab09de0479
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD549993d8230fd332cdb2ebb7f3a100c90
SHA1c1b9a61d4d915aeb24b3212ebd7a68538b039a34
SHA2569bfa4441b734b763cc59c4a4bad6d8f6b0da38ef4fcdd0ce9874c2b3e64e59b3
SHA5129b576dd5626314e43a164c086c86c96ce9c28d54b807ea1f400e18d10dcda44f86cb03e890cca35be589fde2d4362f4b944f93a693de600d2359d03b097ca8df
-
Filesize
10KB
MD5f677ec5fbeecb4320aa36e764c8a915c
SHA1a597621efe59b80e497b2aeeabc57b9e6cc21675
SHA2566374531f46adde39fd0a6d4e94c936b3095860c73b8a6c7efce74a20c4376d6f
SHA512ce2f6f7d603ccf007eb504abf28af1590d63fd5ea68e9fe819f5a794a78dea353d6314471405edae8c47a25d90495d3732333472ea9d34b22065ee7af4c56cf3