Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

008a9fa752...22.exe

windows7-x64

3

008a9fa752...22.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/09/2024, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    008a9fa752bbd5a3928d15a4e010e006e91a7d27f5057def445d279da4e82822.exe

  • Size

    896KB

  • MD5

    664cf41a62c7fbb7fc18a61807d85f71

  • SHA1

    ab551aa18c83a8077497930b8b37e94db2d8311f

  • SHA256

    008a9fa752bbd5a3928d15a4e010e006e91a7d27f5057def445d279da4e82822

  • SHA512

    876fe6278b52ef33f7942789be44239f745201e2cd58ca49f7d0e6b28f21e8ef2fa0eabd0846a207d2ef0323d0273dfcb3db1ee84b8b33b8c22836269c2bd8b1

  • SSDEEP

    12288:SqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTK:SqDEvCTbMWu7rQYlBQcBiT6rprG8asK

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\008a9fa752bbd5a3928d15a4e010e006e91a7d27f5057def445d279da4e82822.exe
    "C:\Users\Admin\AppData\Local\Temp\008a9fa752bbd5a3928d15a4e010e006e91a7d27f5057def445d279da4e82822.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdda2746f8,0x7ffdda274708,0x7ffdda274718
        3⤵
          PID:1028
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
          3⤵
            PID:4300
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2568
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
            3⤵
              PID:3896
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
              3⤵
                PID:1528
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                3⤵
                  PID:4720
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
                  3⤵
                    PID:1988
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
                    3⤵
                      PID:2544
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                      3⤵
                        PID:4588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
                        3⤵
                          PID:3180
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
                          3⤵
                            PID:1056
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
                            3⤵
                              PID:60
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                              3⤵
                                PID:4992
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
                                3⤵
                                  PID:3652
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
                                  3⤵
                                    PID:3744
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
                                    3⤵
                                      PID:2692
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                                      3⤵
                                        PID:2628
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                        3⤵
                                          PID:2932
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                                          3⤵
                                            PID:4604
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                            3⤵
                                              PID:4328
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                                              3⤵
                                                PID:2312
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
                                                3⤵
                                                  PID:4568
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                                  3⤵
                                                    PID:3612
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                                                    3⤵
                                                      PID:1824
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                                                      3⤵
                                                        PID:2780
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
                                                        3⤵
                                                          PID:3208
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
                                                          3⤵
                                                            PID:816
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                                            3⤵
                                                              PID:4068
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                                                              3⤵
                                                                PID:5664
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
                                                                3⤵
                                                                  PID:5672
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                                                                  3⤵
                                                                    PID:5680
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                                                                    3⤵
                                                                      PID:5688
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                                                      3⤵
                                                                        PID:5696
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7912 /prefetch:8
                                                                        3⤵
                                                                          PID:5976
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7912 /prefetch:8
                                                                          3⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:5996
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11302662470332974875,16677114450815920005,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
                                                                          3⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:4500
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:4120
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:5420

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v15

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\1acfe2ce-7427-49d2-8b7e-3add1f1956ea.tmp
                                                                          Filesize

                                                                          9KB

                                                                          MD5

                                                                          fa099fe4a45d57f6a52bef87819aa77f

                                                                          SHA1

                                                                          80395db6c601b82a6f131cfd5edb126d2100fb74

                                                                          SHA256

                                                                          ee2562a9f55458142ebab7ba272ab0513d5779ad34379096afd9a57f9f17329f

                                                                          SHA512

                                                                          5dc5e2cc78d948a3d3c0f39a88ceff40d025d3fc8322492af4c22c8a5f1e4850743fb528ad9795a62d3689d1628f3803443f7cfcbf00eab8481a6e092522bfc6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          7c71e0641410ab7973f4aa74d7ec61a4

                                                                          SHA1

                                                                          ec2278e628404df0d9a98e9f12625e3c5f7a8f92

                                                                          SHA256

                                                                          5a19377fb67c0005aa4441f2957f8a4a32d5492d74ee2b25b2070bc512483d0d

                                                                          SHA512

                                                                          9fca47deda4dbbdd8a8f9b0656e933bcc55324add4631534ea23f2bcec62be457920bb0d9fbecc639abc263d776baf6958886308ae1d46202d0b68980f0f084a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          6b8860f6ed5ac2971e1556c3262f5e9b

                                                                          SHA1

                                                                          306f06966940748441dde0a5eefb7797d20bd1d6

                                                                          SHA256

                                                                          aa84a6265ad0163c4a0b09ec183cdd8845c89b2663fc5b0a3e95821fd6ce054c

                                                                          SHA512

                                                                          a80ba75b4fe62c3ff23129da0d765aff638f6ba9955ef62e33c35ce274b0521b210fcdb37ea6a6d4c83ed9038e1199ed98219089350f431b74e28d7bc61bbf16

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          62a7a98dd0713f494bf30e024eb71be1

                                                                          SHA1

                                                                          50238342f2a7020c9834a079f44192bc4271f40a

                                                                          SHA256

                                                                          746c2f1b6d369420c4db18c97989bee1128f567d2692274b93b23ff44bd3860a

                                                                          SHA512

                                                                          ddc5017b315c5f23db5cc3606763544eabcb24fe83f1ab88a1fca33feeaed354be6296eea8fa069adb8d43379c7504ea8742d75f76463430e8beff5223028077

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
                                                                          Filesize

                                                                          20B

                                                                          MD5

                                                                          9e4e94633b73f4a7680240a0ffd6cd2c

                                                                          SHA1

                                                                          e68e02453ce22736169a56fdb59043d33668368f

                                                                          SHA256

                                                                          41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                          SHA512

                                                                          193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
                                                                          Filesize

                                                                          41B

                                                                          MD5

                                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                                          SHA1

                                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                          SHA256

                                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                          SHA512

                                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          2f75111fac4bcb163b191977abdce12e

                                                                          SHA1

                                                                          0b9e21372d6636dbaebe4b682db92935acd7c8e9

                                                                          SHA256

                                                                          80821f7da5213be37b69bc881a7b7203b7b080eb03cd52f0e51ce5a7ee2e5405

                                                                          SHA512

                                                                          6991a224b9d19dacd033a296a42d98e36dcfa02b78984bdb4d8bb0370fdd382fc20c36cd5cec9deda43a9698c909675786e5f57d960beea57ce268e919253202

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          47b9c339b1b54ce9353ed08d681a1be4

                                                                          SHA1

                                                                          0618881616a85a2cdd97c4f187109ac3bceb104e

                                                                          SHA256

                                                                          cbc43d30d13a7954478148be1ce3e6a60017628c874fc5375759f52b948c6556

                                                                          SHA512

                                                                          eec13ab8fae5200b84998840e8eb4cd2c53bb8ccfd8f0acf3de2d21542a5637f6ce9c20d78bbf0a79645ebb81c111e9cc39dec4597547df03eb5be6d94f8a461

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          1d76249ac43d1ddecae353c018415962

                                                                          SHA1

                                                                          2c703583647358beab8b2dc320186da8f586447d

                                                                          SHA256

                                                                          fa2d69f5cd0583f897b07c9946f38b1554c0320dccb7b51696b2c5bccb1dd7cb

                                                                          SHA512

                                                                          8b118a91cf924bd241bc595941535652e934f6dfe309be8802374d4fa59edfbfdc526c5bf71107e5436756acb03708bf88af7239846d0a1782485aaa77ded30f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          d46573dfa51e25308505eeae67011f58

                                                                          SHA1

                                                                          c6932d30052ded7d54b9d0bdeca08c49797c0319

                                                                          SHA256

                                                                          6d6691e814186547756055d9d52ba16ab627935cedbabc5c54b6312f722de365

                                                                          SHA512

                                                                          cba59ac9e882c8c00c80085e87605dc98435e655e8e3640390c917e35407e82c3fb1b02065762d2d0dcb1ce4f0537995c097689742bcac478b069f6458b8441f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57c294.TMP
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          16d8f344942135647f59985e8a7ef926

                                                                          SHA1

                                                                          2a256385bc7e0f279200e479dbedb1db022132ab

                                                                          SHA256

                                                                          2c55360372722bbb2aca061d32ae6afff53996675b8dd51957d99a24a9232db0

                                                                          SHA512

                                                                          96487455dcc0d79292085186eb1657c5cbb481c4dd6167950b84d7a38ae13d3c020da50f6370c47cd7f64a748fb7a0ce36bd32d8a6b6353b4083ddb3f8e7836c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
                                                                          Filesize

                                                                          24KB

                                                                          MD5

                                                                          41a3860abcf7e8c9e8977469eb73c44d

                                                                          SHA1

                                                                          bff03eff0f2d3218c0d9562028e3fd004574fc2a

                                                                          SHA256

                                                                          cb4e193b29e9af5bd9ab312e1810055966b28b084c13cec2f037fa2f6410adfe

                                                                          SHA512

                                                                          122f70c55072f606bd2fd57c269b12ec77e99ec581965acd4e8c89dab3909e0160b6ffee35a3541a8fd7f4a76e0289265d2f03987eb9efa76204f837b34e1da5

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57eb98.TMP
                                                                          Filesize

                                                                          24KB

                                                                          MD5

                                                                          3757844c06985fdb913d6e8fa92dda97

                                                                          SHA1

                                                                          3a7b642fb151158f61bfd16b8d87ae08ffcf592b

                                                                          SHA256

                                                                          75e6820355b881322e89ba08f1e035db3dbf4b4564d8442d85d0b9b2c12c72cf

                                                                          SHA512

                                                                          13795d399d9c1aa97ed181817df5783144f5959c4af4fcbd78498a89136410532b8c97c7001c9d2e6f2f26319154e905a3c39c80cc32f856f20d4dd6f29050dc

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
                                                                          Filesize

                                                                          16B

                                                                          MD5

                                                                          46295cac801e5d4857d09837238a6394

                                                                          SHA1

                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                          SHA256

                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                          SHA512

                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          cf89d16bb9107c631daabf0c0ee58efb

                                                                          SHA1

                                                                          3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                          SHA256

                                                                          d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                          SHA512

                                                                          8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
                                                                          Filesize

                                                                          264KB

                                                                          MD5

                                                                          f50f89a0a91564d0b8a211f8921aa7de

                                                                          SHA1

                                                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                          SHA256

                                                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                          SHA512

                                                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          0962291d6d367570bee5454721c17e11

                                                                          SHA1

                                                                          59d10a893ef321a706a9255176761366115bedcb

                                                                          SHA256

                                                                          ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                          SHA512

                                                                          f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          41876349cb12d6db992f1309f22df3f0

                                                                          SHA1

                                                                          5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                          SHA256

                                                                          e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                          SHA512

                                                                          e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
                                                                          Filesize

                                                                          16B

                                                                          MD5

                                                                          206702161f94c5cd39fadd03f4014d98

                                                                          SHA1

                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                          SHA256

                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                          SHA512

                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8QQGPTHRQPZTSO4P4ECW.temp
                                                                          Filesize

                                                                          3KB

                                                                          MD5

                                                                          2e3415ba5f6d1721d9e11cd308407b80

                                                                          SHA1

                                                                          a7e8614f0e3963e92a9315664adc94648c376a5a

                                                                          SHA256

                                                                          bc5ea7c44d3bb90de2d98031b09c6976c209693a4ac4877d536cef7e59e8a4b5

                                                                          SHA512

                                                                          30a9bd9ff6d7f9d08f49f7516c00cc3581a983e34fcae6466b6c4e8ab443d5444f42825cfa454c709b3ab927ad638f7d802b8555c58cee4e311eb0c1e272b5f5

                                                                          Download Submit