Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
53s -
max time network
55s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
27/08/2024, 07:07
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Downloads MZ/PE file
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
flow ioc 424 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{F26699B5-8B12-49A1-9B5B-D262F2FF07E3} msedge.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 13511.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2272 msedge.exe 2272 msedge.exe 5104 msedge.exe 5104 msedge.exe 4336 identity_helper.exe 4336 identity_helper.exe 1532 msedge.exe 1532 msedge.exe 6260 msedge.exe 6260 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
pid Process 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe 5104 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5104 wrote to memory of 3428 5104 msedge.exe 84 PID 5104 wrote to memory of 3428 5104 msedge.exe 84 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 3308 5104 msedge.exe 85 PID 5104 wrote to memory of 2272 5104 msedge.exe 86 PID 5104 wrote to memory of 2272 5104 msedge.exe 86 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87 PID 5104 wrote to memory of 3708 5104 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://blx.gg1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf47182⤵PID:3428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:3308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:82⤵PID:3708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:12⤵PID:1652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵PID:4364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3400 /prefetch:82⤵PID:1652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5340 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:12⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:12⤵PID:1928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:12⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:12⤵PID:5212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:5500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵PID:5860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:5196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵PID:908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:12⤵PID:3548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵PID:2644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:12⤵PID:5748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:12⤵PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:12⤵PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:12⤵PID:5784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:12⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:12⤵PID:6436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:12⤵PID:6608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:12⤵PID:6900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:12⤵PID:6908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8812 /prefetch:82⤵PID:6336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:12⤵PID:6340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 /prefetch:82⤵PID:6764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,16989395873870883375,9656983276870257088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6260
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4240
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:436
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
212KB
MD52257803a7e34c3abd90ec6d41fd76a5a
SHA1f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540
-
Filesize
24KB
MD5c594a826934b9505d591d0f7a7df80b7
SHA1c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA51204a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961
-
Filesize
1024KB
MD55e6f83cf268f0f61ebe3ff8c8bc8e8f4
SHA1ca8e6a5fb11c6770ca15b4048423b026c2039cbd
SHA2566c9c6cb5ba68bf49796f9264b2d55bbad19bd4f3c9959fa6a8de8535de273bf1
SHA5123a5ebb30c06ec163adaf5499ac6b237b9351ee697c0d4f361e1aef659dd33a7087b16886dad5288383e33850dd5b70f882dfef3170a48dab472d495b3953e312
-
Filesize
5KB
MD57fe7378f0d4e1c5109aded4c65a23470
SHA1bb286ea8eee23a3e34d2d957128d805338cebf44
SHA2565bb13c672b57a6315c806f54c5198cbf0a4ce55f17e014f27ff40efafc6ce257
SHA512dcd10aed0a17ef1686dca31fae12291a66cffc1a00f845f1c0ac5d5252ca4bfcde7a6f78a820461614bcacf9022af427c5787e03ed8efd7028dde0dcabd6fc03
-
Filesize
7KB
MD5351a9721c016ebf84781c2a316f65ebe
SHA1969ceb27f2bc39e0bc44ed5e8627167d5cb75575
SHA2567dc199713421b354e9a948109633922700d50fc597112f41b50c9114d19f8ca6
SHA51286f628f118b4b00b48f642491c805c6b6687d3c22d50a0144e423a78fe8b730df01bb34d18a79feb726fe2d54e466101c211d04aa36e2e5b35794525a5f6c824
-
Filesize
16KB
MD57aff382b191e2b327908af92a1908165
SHA101c85fcd200b7ef7cfabb174def60dec85502696
SHA25648cfbccce24f0a6f4c1bb1e94fe8c61fea1c665edff0822bb9b15bf080967a4a
SHA512a7c701b55086e646fe4bfa518b508ea2727848c0f93f72c635e28dad92f6efed1d8273d131d2d9a37f855684dfa5b3ea1540c50fdbde604f17ef10234b2defd3
-
Filesize
17KB
MD5c966c63ab3d62b1978254c412f0da994
SHA1d52ac3edda3b2e56aa677d3b84539e81b2b2809b
SHA2567fabe35601ae8cb33a66c80c29deaedee294302b3812b3d866669488fa0675d0
SHA512509f7bd2f650f3a76b153445efdbf3e339ba00beb89523b222f7ae492b4aabbb6a2ce1c3f74dfd0a9d713c7e0eaf10df64aa3c5639bf94b4e56fee6db99e9268
-
Filesize
6KB
MD5387e141792e20e749b1db9dc882161f3
SHA1122ca4d143aedd775e80ceb596b8f494a570b8f8
SHA256ff267f328266f45672f618a79dd576f9562c97f5bc1147a6a81adae984ef8dbd
SHA512595bc7794b3639a5eee10119b20be7d98bd8eadf6ec52e5d5985f7cdb1afef48d8428806b8a661a1fca695d2ed92e6d4f8c8baa93ff4dda244fbb10a63d97f1d
-
Filesize
4KB
MD5319023a10899a5d2749b57950a8c3c49
SHA17b8d7e280647e96131a1470c94d3fc5aebffab86
SHA25687cb4e31c6cc18894e228200a80d1d9c945a8d2afb0e4d8e46c8817b7ef09bff
SHA512e934a82d3fbd100b07a0b2ccceddd9a490e100ca34091ee0e94c3e99a14fab95b1e64eb47ce2aad67e4468225e0ee420467e051226f7423a304ae4bc2dea8d55
-
Filesize
703B
MD5bfcf7a120f33185dbce467686323dd90
SHA1c6ed5439d68f05de8c5c2f7d76ac7b0bfb0e7db5
SHA25638eebd7120e448dcd9798a50d648b62bb7f07e2deb02cac3a463d74fd94662e8
SHA512b36c14e8fd9db5d01742df225dae5fd07892670d2ff55087e2e3393d1acc185aa313dec3b81ea0b506be38bbb205e5be603e46d957c9f396834a0229f6164393
-
Filesize
5KB
MD57ee35165d2d73d3ebb999dd69f50510b
SHA108322163e8e7ce248f278452e4d23cbc24b14814
SHA25646f3a9104382900ccfdb7aa2272fb00a89efee48f1600e1d6b0e5bb24ee9fac9
SHA51250a4ea379fadf5f3205e7132f41ca5752639a5dc8c716479fe76d44e44805994750c04b830ff93e2c98acb78b6f15a1dd9186003681290d495a711748ff14265
-
Filesize
203B
MD5c7c0b3992a80dca1bc44a2e4926e7089
SHA1fa94c83b434c7189de13ea8cf7275a83fd27b8f3
SHA2561028b0e5770327f9687c29942d7d6b4c9a50ca10358b73944830db1bf8c9cd02
SHA51296cc2f135f6f26b9e563ef9fa1af606a19520fc6000ea7aeb031f1c15ddb3515f547c3a98ec458029f1421661e3b42361bb200b4b5673bfa161ae7b572fc5443
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD56bedf3f696749fd9a0f41396774b206a
SHA1faaff79d7a93ab075bcdbe13a395daf4cb2ec5f8
SHA256701188cc97a522395fab3e2df8022970030ea4ee67ec7854ed77d574f4764350
SHA512f6ef70148cb776f5e6f6a2163efe03e169067f519ed1b96eb8d964d0af2dfb0020b3fa49740fe435f1343f142e82e2cf331dc775b0c4819a820d0e88dc9a2ee9
-
Filesize
5.8MB
MD50dc93e1f58cbb736598ce7fa7ecefa33
SHA16e539aab5faf7d4ce044c2905a9c27d4393bae30
SHA2564ec941f22985fee21d2f9d2ae590d5dafebed9a4cf55272b688afe472d454d36
SHA51273617da787e51609ee779a12fb75fb9eac6ed6e99fd1f4c5c02ff18109747de91a791b1a389434edfe8b96e5b40340f986b8f7b88eac3a330b683dec565a7eff