Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 25/08/2024, 19:16
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://loot-link.com/s?d3abb4a7
- Resource: win11-20240802-en
General
- Target: https://loot-link.com/s?d3abb4a7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Modifies registry class (1 IoC)
  description  ioc                                                                                   Process
  Key created  \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings  msedge.exe
- NTFS ADS (1 IoC)
  description                   ioc                                                                      Process
  File opened for modification  C:\Users\Admin\Downloads\kiddionsmodmenu.comv1.0.1.zip:Zone.Identifier  msedge.exe
  The Zone.Identifier stream is the Mark-of-the-Web on the downloaded archive; in the process tree below it is written by Edge's quarantine utility process (PID 5272), which is where this signature attaches.
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid   Process              rows
  1144  msedge.exe           2
  4620  msedge.exe           2
  2052  msedge.exe           2
  4696  identity_helper.exe  2
  5272  msedge.exe           2
  5192  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  pid 4620, msedge.exe (22 rows)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                                            pid   Process
  Token: 33 (privilege LUID 33, SeIncreaseWorkingSetPrivilege)  1652  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege                      1652  AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid 4620, msedge.exe (64 rows)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid 4620, msedge.exe (12 rows)
- Suspicious use of WriteProcessMemory (64 IoCs; rows repeat per write, four distinct targets)
  description                       pid   Process     procid_target
  PID 4620 wrote to memory of 4992  4620  msedge.exe  80
  PID 4620 wrote to memory of 1160  4620  msedge.exe  82
  PID 4620 wrote to memory of 1144  4620  msedge.exe  83
  PID 4620 wrote to memory of 4420  4620  msedge.exe  84
  Most rows target 1160 and 4420. All four targets are direct children of the browser process 4620 (crashpad handler, GPU process, network service and storage service in the tree below); no write into a process outside the Edge tree is listed.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4620, top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://loot-link.com/s?d3abb4a7
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 4620 (image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe unless noted):
  - PID 4992, crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8
  - PID 1160, gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  - PID 1144, utility network.mojom.NetworkService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4420, utility storage.mojom.StorageService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  - PID 2052, utility chrome.mojom.UtilWin
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1116, utility audio.mojom.AudioService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4912 /prefetch:8
  - PID 4696, utility winrt_app_id.mojom.WinrtAppIdService (image C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6912 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5524, utility edge_collections.mojom.CollectionsDataManager
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7240 /prefetch:8
  - PID 5272, utility quarantine.mojom.Quarantine
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
    Signatures: NTFS ADS; Suspicious behavior: EnumeratesProcesses
  - PID 5192, gpu-process (second instance, GPU sandbox disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5020 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - 22 renderer processes, all launched as
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3073772003981096162,11029511999275319260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
    (the two marked instant also carry --instant-process, placed after --disable-client-side-phishing-detection). No signatures attach to any renderer.
    renderer-client-id  mojo-platform-channel-handle  PID
    6                   3320                          1428
    5                   3336                          4800
    8                   3980                          5060
    9                   5576                          1712
    10                  5780                          5008
    11                  5256                          1660
    12                  5556                          3632
    14                  6352                          1164
    16                  3400                          3536
    17                  5364                          2616
    18                  3420                          3920
    19                  3964                          2672
    20                  6188                          5204
    22                  5364                          5696
    23                  5344                          5720
    24                  5208                          5856
    26                  5332                          2960
    27                  5344                          5960
    28 (instant)        5772                          5956
    29                  3480                          5664
    30 (instant)        3560                          1872
    32                  6576                          4392
- C:\Windows\System32\CompPkgSrv.exe (PID 892, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2336, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 1652, top level)
  C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\svchost.exe (PID 1484, top level)
  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
- C:\Windows\system32\svchost.exe (PID 5392, top level)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
- C:\Windows\System32\rundll32.exe (PID 3052, top level)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
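The two signatures above that deserve a second look are the WriteProcessMemory rows and the NTFS ADS row. As an added example (not part of the tria.ge report, and not Edge's or tria.ge's code), the Python below rates each WriteProcessMemory pair against the process tree, separating browser-to-own-child writes (Chromium's sandbox broker writes its policy into each suspended child before resuming it) from writes into unrelated processes, and parses a Mark-of-the-Web Zone.Identifier stream like the one the Quarantine process (PID 5272) wrote on the downloaded zip. The process rows and PID pairs are transcribed from the report; the Zone.Identifier text and its URLs are constructed, since the report names the stream but not its contents.

```python
"""Triage helpers for Chromium-style sandbox signatures.

Added example; not part of the tria.ge report. PROCS and WRITES are
transcribed from the report above; SAMPLE_ZONE_IDENTIFIER is constructed.
"""
import configparser
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int   # 0 for processes shown at the top of the sandbox tree
    image: str
    role: str   # Chromium --type / --utility-sub-type, "" for non-browser


# Transcribed from the report's tree: every depth-2 entry hangs under the
# browser process 4620, so ppid=4620 is what the tree shows, not a guess.
PROCS: List[Proc] = [
    Proc(4620, 0, "msedge.exe", "browser"),
    Proc(4992, 4620, "msedge.exe", "crashpad-handler"),
    Proc(1160, 4620, "msedge.exe", "gpu-process"),
    Proc(1144, 4620, "msedge.exe", "utility:network.mojom.NetworkService"),
    Proc(4420, 4620, "msedge.exe", "utility:storage.mojom.StorageService"),
    Proc(5272, 4620, "msedge.exe", "utility:quarantine.mojom.Quarantine"),
    Proc(4696, 4620, "identity_helper.exe", "utility:winrt_app_id.mojom.WinrtAppIdService"),
    Proc(1652, 0, "AUDIODG.EXE", ""),
]

# (writer pid, target pid) pairs from "Suspicious use of WriteProcessMemory".
WRITES: List[Tuple[int, int]] = [(4620, 4992), (4620, 1160), (4620, 1144), (4620, 4420)]

EXPECTED = "expected"      # parent writes into its own child of the same image
REVIEW = "review"          # parent -> child, but the child runs a different image
SUSPICIOUS = "suspicious"  # write into a process that is not the writer's child
UNKNOWN = "unknown"        # one side of the pair is missing from the tree


def classify_write(by_pid: Dict[int, Proc], src: int, dst: int) -> str:
    """Rate one WriteProcessMemory event against the process tree.

    Chromium's sandbox broker starts each child suspended and writes the
    sandbox policy into it before resuming, so browser -> own-child writes
    between identical images are the normal bootstrap path. A write into a
    process that is not the writer's child is what real injection looks like.
    """
    s, d = by_pid.get(src), by_pid.get(dst)
    if s is None or d is None:
        return UNKNOWN
    if d.ppid != src:
        return SUSPICIOUS
    return EXPECTED if d.image == s.image else REVIEW


def classify_writes(procs: List[Proc], writes: List[Tuple[int, int]]) -> Dict[Tuple[int, int], str]:
    """Classify every (writer, target) pair; returns {pair: verdict}."""
    by_pid = {p.pid: p for p in procs}
    return {(src, dst): classify_write(by_pid, src, dst) for src, dst in writes}


# Constructed Zone.Identifier contents (Mark-of-the-Web) as written on a download
# such as C:\Users\Admin\Downloads\kiddionsmodmenu.comv1.0.1.zip:Zone.Identifier.
# The stream is INI text, CRLF-terminated; ZoneId=3 means the Internet zone. The
# URLs below are placeholders, not values from the report.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/landing\r\n"
    "HostUrl=https://example.invalid/files/sample.zip\r\n"
)


def parse_zone_identifier(text: str) -> Dict[str, Optional[str]]:
    """Parse a Zone.Identifier stream into ZoneId / ReferrerUrl / HostUrl.

    interpolation=None stops configparser from treating '%' in percent-encoded
    URLs as substitution syntax.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    zt = cp["ZoneTransfer"]
    return {
        "ZoneId": zt.get("ZoneId"),
        "ReferrerUrl": zt.get("ReferrerUrl"),
        "HostUrl": zt.get("HostUrl"),
    }


def is_internet_download(text: str) -> bool:
    """True when the stream marks the file as coming from the Internet zone (3)."""
    return parse_zone_identifier(text).get("ZoneId") == "3"


if __name__ == "__main__":
    for pair, verdict in classify_writes(PROCS, WRITES).items():
        print(pair, verdict)
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

Run against the report's pairs, every write comes back "expected": the writer and target share the msedge.exe image and the target is a direct child. The same function flags a browser write into a child running a different image (the identity_helper.exe utility) for review, and a write into a process outside the tree (AUDIODG.EXE) as suspicious; that is the distinction an analyst needs before treating a Chromium WriteProcessMemory signature as injection.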
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 10KB
  MD5: cc1b49d3596767785c9b649f6ec15f19
  SHA1: 6b2b16bec21fcc12f765981c3cc5a6eadfe76ce6
  SHA256: 1fd957288b665ee2efecc4cdbc45c3218a9f32dbafc13fd7be740f9320b41702
  SHA512: 512d77a4fd43bdd635904815061882e015bc0f3ad0b93e3684a08c9077783d18873e396652d1998723eae97c379295496f454eb0d3b6696186ab6d1caeab2269
- Filesize: 152B
  MD5: db1dacae9540e883ae83489b18cfc326
  SHA1: ec3b68e635d8ce3bdafe258bca5187536d43065b
  SHA256: 3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f
  SHA512: 2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95
- Filesize: 152B
  MD5: 04aa3f476e468ef3c0866e8dedd8f6e4
  SHA1: 1e9fa8fd586c03447a4c5b4cee261900e9f464ae
  SHA256: 87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a
  SHA512: 7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 2dde24198cbff45dc2af5f241510ab90
  SHA1: c6d4f4d271a6f154709d83082e754fc1e805de3a
  SHA256: 89a806b30062c4314f19fc2f791f0657fc66922fe3ad68d6d3dba00095ec5c24
  SHA512: 6cb7f57704ea9b4e3d8851704b31e6bea249e21f181e2c99cf97fddf4748bc6eb1cad17aa80f3ef410ef4b64fb189c79f1c4784eb67476ff14a17ac8cb3ff1dd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 178b2dd1a238e58684f6532dbb18fd2f
  SHA1: 37d58d959e0872c95376d9c82c8e35ec92307c91
  SHA256: d8df75d548c27ccd37d8456289c918778170b4450e33cdb295a2e485d2979655
  SHA512: 6fe32fcd0da9de6b8b789bca33cfdc0a9f098ddb2227e64a35eda618e97d66fb56cd57df61d6aed84540e075488df9dc2b30dbc4b3b98792c549b3e198eaa7c4
- Filesize: 6KB
  MD5: 7fefc47446bc0dc72a6a04f09694ef79
  SHA1: cccda9343e49df65b8a7cd1cc8c0d03689de75eb
  SHA256: 432c1a151d4788578677329ae5cd40b6b936e37465927055944a185c9ee60797
  SHA512: 8044f10a9e68208e88dab777ea1d9135f0ff114ddefe2abcc1be499b87364bef8b3f1801d8ea8d2710e6c337b681a4964ac746de62a98818a10ffb850e9df217
- Filesize: 5KB
  MD5: 6f6786d9d2bf58d4a0e11f7dbf6e227e
  SHA1: 6ad79c1f450893723ea8f99995ec1d01e36f0d8b
  SHA256: 03dac26b445becc5d1ebe37fa79b010f243c36aaf025a47116a451a3a5c20acb
  SHA512: 59d447b73d6d0dad1e019cb01e8bfdc8d359bc20a0814849e271b17df18e3dde336b48d1ad873790142559f1767cbc6d8f49d5919d92fbc6af7fdb0874d9906b
- Filesize: 6KB
  MD5: 4edc972b99603ed6e49fe7268ea4acf2
  SHA1: 8caddcd33958b29c5b87fd0be9139d6eb7d4f269
  SHA256: b465a6ff5f6c270a5c5162aeae8a581d640897804502b4d4804cff9e87821c2f
  SHA512: abec248f2402a1b56706660e24d7e1cd7e10bed9cd5ace582eea9199617cbd05b1ab6ed0b1664fe274885efd497455603b1f5729d58ddda615983fc008e50f2e
- Filesize: 10KB
  MD5: 59af77a974c8804f6ecaee3f68b16835
  SHA1: 90b54d2a14ae29cdbe285ab17e24e14934a5499f
  SHA256: c2b8660aadfc26d104abd86d7e16497519dd5cdbc69be28c6ae046f9e21dfa69
  SHA512: b34e11fc5fd07412834f39b6593e5bf07da384b7bf9f8b2d119d1fab4b43a6262360a07cc413c1701e6a924883a0ad482fdefec7d7f28766e07cd7e0acfda138
- Filesize: 11KB
  MD5: 7c899d85ae045e0eb14d99ca2a176124
  SHA1: dcddaa493b5263998d6685bb9432d9356a91e382
  SHA256: 5f2fb34692b67fbd2bbec253f216fe0754778f5a8545adf63725a53d7e590160
  SHA512: 87049de8f412dfa95819611c216224c0eaee9a261726d0fbe17f64b08b527ce3843b7bba12341b1578992c9d5b090ea26a78832120d889ff5ed103ebf99c09d1
- Filesize: 12KB
  MD5: 99c2205bfb7a223017b1563e6faf9649
  SHA1: bfb53876e44992ff893db2c93bb7aba194989c6f
  SHA256: 5c9b139826838db7c1c410359789b5157445838e5fe413abfd1bbe7a978f99a9
  SHA512: 2de4970f4cd9e84c3a0af800cb20b9be6444cdb2d580e6c2ffa01fd37e47e804337743c0e0ef79da5fd84fbc45b65d345319362b3fbabe2597d06405e1063a71
- Filesize: 12KB
  MD5: 3a3a56c96e0bfbad6cc42a99f6fe31c9
  SHA1: 89aa1b5b93d635b692413f24586e8029b104d2fe
  SHA256: efdf24a142b1184d3f098f8024fbcd5b882c5d931d1a198aff339babdce63c4c
  SHA512: bf5163a85bda882a2c8d87c11d5907d892eff854346a959fe80c953a29b40478b58c2c1c148b64ecfa6986bf549ab42e5b788206a818757b1724fd4658727806
- Filesize: 12KB
  MD5: 3e814b2fff4e7bde785226eff8e8eaa7
  SHA1: f3f0fef1480e077a735ce2ac183ff17d2c11aae0
  SHA256: 1959d64019792223303f241abeb143dfc37608f03ca90f36d46c5396a49b1194
  SHA512: b4fba5664e46e2f3e0a4f0a6a6e83034a25f42e1a43f195ab377c3176b0d756cee5c162c5bcb53434192ff250a84ef7331abfd62807a6a4a5f0f446907539b92
- Filesize: 12KB
  MD5: 329727cffff3e0b68167c6af7421b2f9
  SHA1: 037f7457d49f630ae38984a7c2aefbbf9819d217
  SHA256: e96454ceb53811d79f582ddc3a6c6df0ef67f601ff5c6525231c6fab4dc729be
  SHA512: afa963767b017fcf42cd3861e175be21da4b844863b515bae902a5cc4de827d4a105e6cdd3a903e47aedd03b1c2c57312a99386bfc8ba4467a54fec208c7aa36
- Filesize: 25KB
  MD5: a34680f8b1266e2832acacdd5974cb48
  SHA1: 8ed0a05cd9bb03b4990ba77cc79662cacb1e9700
  SHA256: cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21
  SHA512: 6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d
- Filesize: 2KB
  MD5: a2af2713d6b582cceb5da19af55e63fc
  SHA1: 07a52097c22f92093eebab0132faf35d2ebf65e3
  SHA256: 127016e12121c3060e9f5acb76648cabb3bdd01fbb082922f2843e2a26b57aee
  SHA512: 453e376cf06d7b5fbc098a154d07ba74e8f77e217ba698382bdf1ca6e77f3e0b564895e5c6dc46db95c05914a0223e65515d43c272c60159ab9178ee57d1643a
- Filesize: 2KB
  MD5: 8922afb9b6456340e397deda7e97fde3
  SHA1: f8c3dfcda15679a52112f79a8bb29c64accfc938
  SHA256: 733e5a0c81ee046a6279e61e23756ffe603acf120918066acabf22101f567274
  SHA512: 4cea36dbc15cc163d0be87a9f61f1be776b396b413a10116b22fc79cd90b7b7905d82b280963bc82918f6ecdf3215e6f1fa47b843484c80958486aabf1af5c91
- Filesize: 3KB
  MD5: 4c40f530718b881d5ca7ca9e76f757cd
  SHA1: 237305c367251debf20732bf9f3fed8dfe4cc618
  SHA256: b1178ef313c49fa5979a020e0dee8ac06a0fbdb526441c3418a270298b31a3a5
  SHA512: a5ccd25497d58ad96a26eaca775b68ecc8e2dabb735c4d1ab8f362bd555afde7f381f100b0629d6f3742e734c40fab9222e0bcfac578d2933ac5f75ff1d1bd1b
- Filesize: 3KB
  MD5: e80401d70ada1445f678dd6d32e98311
  SHA1: b72d59f0f41ff1d84f17f29477a513a2029c61f4
  SHA256: 58a9dbd2b5380b18bb4df69d38096197927bc3797db064f1c5461decb86b6ff6
  SHA512: 856e0b50c1777ace45682be1391f6f01de368ce4a3c6fa437f4383336ae97854bcd9aeb8f9a3106742a9f7569531d2eba708799d466ddb0947bac1b5f207f673
- Filesize: 1KB
  MD5: 5f146d105a780b805e1f8de3c390e363
  SHA1: 14df1bdfd1d93b018a1542f7ffe045131b85fe84
  SHA256: bdf6fb2852a8ca4eea10dfd0b57b7e0a6d00b6eec37448a5a0e60b3e2d00b609
  SHA512: e71b19a1d6b66310ffec908ed5a2775af398efcec99da9efb48e9daea9354fa1e7c3fb5aadca5ca577af5d69f7f1ee849e352b8cc979a05085b9f02afb67ee50
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 5d09aa7cfffa7b5743628041e0a79603
  SHA1: ab6494a5cdd654a1b390a67dc67e68b0315b443f
  SHA256: 66dd7914a70662440b3ea716b662bb5606af7ce29ce7dfa4ac700de423bb6f5a
  SHA512: 368d9dc66f605ffe1aaa2393b0250e1a75da6017b9b30780220b704b5394cd36bcb8c1901c706fe9cd8becfeb155e22ca7d644973bef90dbf7d8a6516c279930
- Filesize: 10KB
  MD5: c40999a172c407508811fb0920279737
  SHA1: dec038db81bc257ba4ba2de113b20bfb5e7a7b9b
  SHA256: b975be69fecac80ac92429fa55fd82b7c56d3e197eb9c10b0e5972f934d40c55
  SHA512: b8839f9c594a3e8046545c05dc73c916a4f72d3b4cda9f38649472681331130bef92c47e8028eabc734353f818b3039a70d43907cf29b343f43464af124648b0
- Filesize: 11KB
  MD5: 2e226b6c7e0db5c0b4c57a97238725c5
  SHA1: 74ab0d706dfd24d08dd3fb94310b552466b34edd
  SHA256: 404b491e3cda95690fa21274f023d164f2ff3c81eefc05bbdf46a7e370711a89
  SHA512: 8f4ff96e308693241ac1c53a1f0795d758b9f12b669bc6281e470fb8772a2a287edca5ab75441a1a2701801f64842f239b2cc6d54501cf3195734489f9315964
- Filesize: 11KB
  MD5: feed8f4fe31bb5eea2213fbbc6e24d72
  SHA1: 81e95a017c452f595bd916719dde1a664ccfe2b4
  SHA256: 14330d8864771306767b5a964f9d84148c2f60e691fa2aa526a82bf0d0dd63a1
  SHA512: 33dc09923073fc8b8e383472dfaf6373125ca7de96f9a670d21440a81980e1ee0f10079fadf7807fbf5dcb32fd17935ba0a462be035876b607653fe84deecfc3
- Filesize: 16.5MB
  MD5: 556e97e1cde3e21214811a875b30db0f
  SHA1: 30f819df34ce50164f5f2926ef612058fe8d1961
  SHA256: 2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7
  SHA512: 183998652e18e1baf0c757a1e0580268d987360522f9b67a00910e684ebfb08eb3a496892c6173202003c92239b2f8736c3a012b482314fda3a324885f22eedd
- Filesize: 26B
  MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
  SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
  SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
  SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98