Resubmissions
27/09/2024, 07:23  240927-h73bbs1fjp  3
25/09/2024, 06:40  240925-he8yeatdld  6
25/09/2024, 06:28  240925-g8ljjashrb  3
25/09/2024, 06:13  240925-gyzneasdrc  1
25/09/2024, 06:10  240925-gxdpjszajj  3
25/09/2024, 06:06  240925-gt4rkascnc  3
Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2024, 06:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707
Resource
win10v2004-20240802-en
General
Target: https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{8FB58A7B-BE8A-4184-B606-C7710E734135} | msedge.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid | Process
1976 | msedge.exe
1976 | msedge.exe
3420 | msedge.exe
3420 | msedge.exe
3004 | identity_helper.exe
3004 | identity_helper.exe
64 | msedge.exe
64 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
4576 | msedge.exe
4576 | msedge.exe
4576 | msedge.exe
4576 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs, all from pid 3420 msedge.exe)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: 33 | 708 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 708 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow (41 IoCs, all from pid 3420 msedge.exe)
Suspicious use of SendNotifyMessage (32 IoCs, all from pid 3420 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3420 wrote to memory of 3904 | 3420 | msedge.exe | 82 (2 entries)
PID 3420 wrote to memory of 1868 | 3420 | msedge.exe | 83 (40 entries)
PID 3420 wrote to memory of 1976 | 3420 | msedge.exe | 84 (2 entries)
PID 3420 wrote to memory of 1512 | 3420 | msedge.exe | 85 (20 entries)
Processes
- PID 3420: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wixsite.com/_api/invoice/2e2a5a14-e43c-467e-8e24-878e7e41cc58:a803af1c-7dd6-4a14-977a-062311ec44d8/view?token=dee0c81d-a2cf-4699-94df-dc31c781c707
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3904: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718
  - PID 1868: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - PID 1976: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1512: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  - PID 2304: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - PID 2740: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - PID 1624: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  - PID 3004: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1364: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  - PID 3944: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  - PID 1584: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  - PID 3316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - PID 544: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3660 /prefetch:8
  - PID 1312: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  - PID 64: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5016: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - PID 4508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  - PID 3252: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=3452 /prefetch:6
  - PID 916: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  - PID 3508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  - PID 3936: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  - PID 4576: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  - PID 2464: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  - PID 3224: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6864 /prefetch:8
  - PID 1212: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2888 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - PID 2888: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - PID 1692: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  - PID 5044: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  - PID 2464: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  - PID 3000: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  - PID 2940: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  - PID 4576: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7244 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5004: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  - PID 5108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7445771922129111040,1243423355840173621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
- PID 4804: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5004: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 708: C:\Windows\system32\AUDIODG.EXE 0x528 0x2f8
  Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads