Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 09:40
General
-
Target
https://www.edhat.com/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.edhat.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe899d46f8,0x7ffe899d4708,0x7ffe899d47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10056 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1024552374916487463,17166867558001653949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11168 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x32c 0x4d81⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
261B
MD5353aff53fed63868707a0b72a4e81346
SHA113dd989aed55161a85446e533b8ef2d2dad20dae
SHA2560651649c1c58e147c63f0d67f21962f80a4db3b1d527e475c1de64c860c56f3b
SHA512e54864cbb511d940ab7338b75cfa321998178f2228ec1d3922d9c7a8bf3f35032dfae7e4e7af8360ea2528d8f18cb862d7a7dd7b4262992ebe6e8781b1a2fc93
-
Filesize
3KB
MD5a58f5bdf5926da354ebceec6b06ce852
SHA1aa9b7ef6f5e44821cdc98056ba78ab4bcaa3b94f
SHA2564f7470490bc362b8da4d9002145e11cfa1b811602bd5104246de859daec9301a
SHA512bb5861bda13fa515c125a6815beeab686695a09b9f23b2fedd0f6e01a0c8a45d19fa43cad9469aacc1f82e5b0fc9701ff514f57dc970e0ed0ffa1875d49af541
-
Filesize
4KB
MD5764c9d20810aade904ff839007aa5361
SHA180084b700d4bb7783cc4823acb02b705570840f5
SHA2569f135111ad23d8d412545f2b1b6f69d71a089f115a9c62487a7bf85ed386c502
SHA51252522799032cdb260401ea1151108b842db434688bc6657901448ee87460bfa7f5e67c058b38452ce9807521d38d2ea6d93fd8a7a735f22a37a3e91e99f22347
-
Filesize
3KB
MD5aa9b9d26c6d96729e03997863f1c8614
SHA1045b3ea4c5ae847dd4fa01b49b9314572baf385c
SHA256fcdadff6b2af3970d777a31ffb2224a1ce6cc418cbe08ae0674d30ea30303e8c
SHA51281e81bd991e0f13ac98e6762dcec9fb38f01f1626d67136f6bd1e093e120f59bed4a154c86349eb6a0dab2c68ad00e5336242ecc3591a13a9d1a8939bd83c2f0
-
Filesize
3KB
MD552083025299d33f0009b8306637caeb4
SHA137721328a002bb11e0704e746a07350faf23a0dc
SHA256efde9eb0f2c33f21ec5f6a0c0cd43e52ca81f9ed35db0bdaba1236c101aa0b5f
SHA5122d702c1c769db19d2e1f70672072548dc9e04d75428fa5f3c58d6d0ad6635e5afc29c321336ab90e34562b68b3fd2adab4901de755d3b042ff0024478ed88a60
-
Filesize
15KB
MD556d628e90d69d9d76ec29707bde872ea
SHA12a91b290c7f6277af1bc5feba7f8635eab917299
SHA256760cdf608baea4308063d2a11e62a686b71ac6abd14ab4672c1063c73440c6c1
SHA5122688b093207b741aaa4add56a430ac02a01dc61f84a4ca6e9de46f493eaebb1d1ccf8d4b4ddd24ae11f2a97f889bbfcf9cafb571c8e60562c05b6235accd5cad
-
Filesize
16KB
MD56f37bdc39354976b7c34234367dfcffa
SHA1f892bce0e1a64cd515f8e0301c44ad4b2942fe5a
SHA2563a0f77d0b990a8790bc61d7e6cd2e8d021a03cd3f7402466acaba554e23861eb
SHA512b9bcb1f0336f67092cc8798d47984b3badb16f02452a0172e181f1fda0d664e9f0385cffe8b3a8c527bafa914f6819f88292893eedf1ed88aaf454c2b1e8c936
-
Filesize
5KB
MD5ca927237a70c4979652f567e75fec1be
SHA19a63e065ed00bb10d4d5be1f429c55f2582c161a
SHA25652117a5aa6ca5fe444f788bb1d54b6cc5dd4fb2e01181d0e495aa6c44d07a07c
SHA512e6a4aa5e5ea1c02ce32fec03f337aff8afef643ce8d53e141490f5d9a2f8c6408d5dcf7ff4c570173f739345f89e47fda1c3c37e627e4dbb4aa9306c3f9605c2
-
Filesize
8KB
MD590743d4987267efe0bd5d265c174af69
SHA1eb24fdb13f739fbdb37d606fcff73975ae218e83
SHA2564ad6ca34e6b91ac94afc3252e0638e397d960dc8d88d92f88c2d2ead13f03457
SHA512229531fdb6969f4305cc57adc6eb4f4c6ef91b542f84329b5ad3b7cbb5cb955da53e6d3d4b4bb2b6bc1fbca30b500966c3af4349d87b9d031b1a8d224bbb88cf
-
Filesize
12KB
MD5bc9491501c7e09a409ff321c2be8f72b
SHA19e0514fb51ec96b9c112c8ea29071cc0a654005e
SHA2566889194c6cc211d2470c9ae415ba84e6956fef9a39f88c75e68de964b5322170
SHA512bfac750cc300cf4228410da331b0337fed08aa12edde16cde6de5cf05703fec50cb1031038c37064bf547867325ea72cc40d37264f0255d73cf51fb31bbf9487
-
Filesize
17KB
MD5add2a2bc7f20bb663a350d22b71ded25
SHA1e019a7e3f709474fb1c76b9e673a43359b670f55
SHA256f8baed6d1355d21870900708b941ea8882aa681c1c8e0639625d1ebd02dddf83
SHA5123ab167b80393d8932ccda0dec7c52eea9520ed8cf5a7a590b42aec3b83717beb997c6d7059b6e18f860dc2e1389b01ceb2a3a3b6ac7cf6e7c364b28c705c6730
-
Filesize
5KB
MD5ad0456e47592fee61a24175d35ae447d
SHA1f2921a3892af99a91d1af6f3871fcd05218f692f
SHA256f0b01edcc9532772777a262377afabdfcbd08bc6f5a0458471655a07909c0d35
SHA5128576ccc2f36dcbc9ce18c3634629e74f6e1b833a1a7005fc1da0917a8c0ebacefb82e7a3253e933e07f2fd97a28da3ed5d2e65ff980622e0b03eb76cc7a4da23
-
Filesize
5KB
MD5b5dbf05584795ebbd0ac5f4dcb981794
SHA1b003db51f76ebb3ceed8bc6131537949e3ddf4ee
SHA2563310e1bdcddbacc5ad9aaf180013309f866608e218df4567db0a06b5dc0293c8
SHA51285f07764becae99b45b7a878c9e9c93c9651de412fa72d487892d6b514c58e7cf4f325f7ca44f1098f279314e86b92cd9e8e1205775b452560ea884fa053fc5f
-
Filesize
6KB
MD5c7e30318c7168e5c90f8b6e5d79ea15f
SHA1840b7ae8ecb4e2b6b457a47d2cbdab8a1829a660
SHA2562504d518cb7af18aed056dedac0444a74aa29cf36f4137b5e9b817769a673544
SHA512eee0d059c1d0bf6db335b457021323135a1ab5087e5b628c2aeab6fd0eadbd3c76c85eaa356d1dc0e8ddaeb8d5d43db6c580221206d02d59aa6b2435832dc40f
-
Filesize
5KB
MD5b406be3d6a9e20752ffce13ee81a7d7b
SHA1432e95704820137357118f69ccc20314663997ed
SHA2569dd2d0a22c0b4cdbb7ff58d960761cf11227e57fd69e199914d9e00b74fcc4b7
SHA512a587dbc6da6a3df68c4f37d9d9e45304e1fa823ee0480079e11cc8e14b5f178176e8aff4657d68c086624d224d5e0bfb3fbe6866dd222a33833d3c688bd9d8a0
-
Filesize
4KB
MD5152232b5b21ff9baf13ec03456645594
SHA1a6597d0a29744ca3eec1b241afcd1c38304b4dfc
SHA25623df72785e2a0cc6d017551673036ec37a7af0b9629c3a41b0218ba88e9dce86
SHA5127666c74acfed8df9b288c1291e3afd2930f842c395ef481e92ef9b6d6448a974af254926b46c74172be86e72507b43e14ed0cb95beaa10755ea0263d1fa7cf08
-
Filesize
5KB
MD583d5a7c75d4327536cefb1ad16c48d6f
SHA14595b4ecf883846becfb24230780eea2d7849c57
SHA256ddc6da79f8630c56118c086a061799dec3f80c9172b95fb07f663d17b3e251f9
SHA512c29bdba7bedea965f208a97308561793ea07cef5f350fac1dec449aee6e328aaf72f509704c9b837690024cebe89733d53c95feb5007dd4e7965d575d9b90522
-
Filesize
5KB
MD5c8803740ed2ce199782e9c164c427625
SHA186fcad9808351675f060fc33d0a2140a4b774c87
SHA2563c0426adbb7503bd6c3624aab42039ba9aedac7c893eca53b48ed6aa7f397076
SHA512e84f08b1c95321eaadfedfe3fdb50a1ef5d60516a1f9cd37b06a8a81bc83cb7ca773eba316785855d0bc8241c5067b276465ec7f7ca8624a58e8c7db39e34c2d
-
Filesize
6KB
MD592252ada2b7cde38c4c1691ee0614183
SHA1dfdb9df0dfb35eab4891282a219c0b3475bb29b3
SHA256fed3e759a277d442edec6811219a21d0d4145bcf47a4fd99ea76c649f6ea6ffe
SHA512b0bc402041a47bf4ae1dfd060141ede44d8f151cee9471d354f63d20997077d5dd798b4f5f43e204b9e873f8c01402124dc8861bf889e933dbb52205cd446bb6
-
Filesize
5KB
MD5d0a9af5b9288edcfea6cc62c2c531648
SHA1c17f45a4d66f4fd7ca53bc13ca2661345d2e0c5d
SHA256b2676c6d3f43c42f580827bfbb6bd3e02713f319dd1da88a54dc12b09d7c4c5f
SHA5122bcb6ebfb6da3f9e296bb663643eceb974d3b0498974ae3db91d12d96607cc84e0fc580d6afdf2df05570c6c692f61a1209abf2bfd12c32dd41a555d35f83c1b
-
Filesize
6KB
MD5477f77f057f3b6ba009fe60fb219424f
SHA1df4fef2b17090e29fdb47ceac486afd9a4407c22
SHA2564a327911faa430270599335719fd55f8d1233be55a060d848c8950ced04292ca
SHA5128b48722929e1500a93a0fd3791922a716593482ebd53767d050a02ea1cd22b90b996c1a9a36d3cde3a4630eead1c5c3bbbed26307394d740d9f0e4ca11653d9e
-
Filesize
5KB
MD572799338b6b38a34246df069f1ef24d5
SHA1f2286003ff0b33fda84f8026b89c803e2270aa68
SHA2563ef4b1f1a22bfe61e8f0bc111e726db54dd0679574df9b27b4f9d592da0e7865
SHA512cdf95b8ecfc41408f5bf525eb7e3cb76d707fb102e3b3d3ba9b3f7679fbfe4e7406273c50b2f2202c18a239d5f1f1282ca98b74d1db1dac981341d8353947559
-
Filesize
2KB
MD540a2439e77f4f44eff72abdd2d89539d
SHA1b72c17144487036847301136c522bccdba379d76
SHA2567d43520199526baab651a779f4d58764a997ca0305f1634fd66f427e2e6d1755
SHA51288af323121ed1247a278fb4726fcbf8814a9222bf4af646cb801cd1ce996aaed2b898126e509d63a5a6b5667886640b23b0255a3a2a455b9a71f0ca07e71355e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5312862ff7aea9965008e4ad552e397d5
SHA1657e8400db463d464e7580b8735f08bd2fe87333
SHA256dd6242e723123ceaa4d941937b41d11fc34d2b9f7fe2ecc0715f2a653c5f3b61
SHA51206eed6e3bace95ecde494427b41802c312846c513ffc82a1c1a356ac43e9cb8b5020e692a606dc28cec291208e604c3b6af274b4f10a0c34f9b7338956c994fe