Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
30/09/2024, 22:59
240930-2ys6vaygnp 130/09/2024, 22:56
240930-2wva5atamd 130/09/2024, 22:49
240930-2rrz7ssgpg 6Analysis
-
max time kernel
209s -
max time network
210s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/09/2024, 22:49
General
-
Target
http://the.streameast.app
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://the.streameast.app1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee2f446f8,0x7ffee2f44708,0x7ffee2f447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3572 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4668 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11036125149925027479,1127869315860796884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f4 0x2ec1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
Filesize
53KB
MD5d045ad615f63192df472b4c87f6ae18c
SHA18fabd0d4c33c701f171e6e7b3bc3fded39dd5308
SHA2567664007c8644e5b61dce92ca2136099be6679089c2c8f0ed68ed088058443adc
SHA5120c935258961a090e34e2e45e6841c994aa75fa4b2930b41bb5080e7b9d12761b74ec472da785413bd4130981e4b029bd34e6ab635fe0e81f973a3f702da38b29
-
Filesize
170KB
MD5b1db7dd7cff81fe746415bc2a86ac6bc
SHA17ebdc8c5537b2f8d6bbc897ca3f6ea1495538d2f
SHA25660935a94a96e702f4b76d4c63eefe8afb9819f7b5f2aa258a30b4c2c60f893c4
SHA512db4d831e07a54516df1e1cd3968184c3136b243342fb133dd77bb3ea03fa1201bd8a36362549adf76be7c5f6edb1c477d366caa44dfd945fbb8ad4ba4da98f1b
-
Filesize
78KB
MD5e1787c67fe9391c4a9f20c39820e9e48
SHA10e0c0f252592d5371ca938c253780b0cf8d6f73e
SHA256946146f5ecacffc6fb52599fd0bd94376e1fb4c6e4bd12d462fa3eb258b45b38
SHA5129c046db166eac20a4528ddbd5124f3c30f7bcecf6a6f08dbfde75bfc8a40cd0ca048ef649f09a0de091eac5bc82e23f129c84c0722d4266b7513edcc4175f9de
-
Filesize
50KB
MD57dd12ac4737f3819cc483370419745d2
SHA1e7f207be7b2c1ecfe8b72073bc8daaa275871a5b
SHA256a6335ba40b294c9c4e10a0d91de0ede899714379007af49cd6c268fa5bb514b8
SHA512bf01fdd1290e5ca86b97e15930ea573d550198dbdfc1e1513c8f03dc09ac2788deee8c08816357e9bd1de7ba08399d49076eaa21f8b9d41732407fc32ee1d4b5
-
Filesize
2KB
MD5304669f1fc63e5b8a633fa43c75f15db
SHA107ff35e60c4ac1c2efa3a377d83acdd36d500904
SHA256e7e1496740b62cd8925ecdd6992374510fb19118fe77f09dd9c8041de8492b19
SHA512670e6998e996b646d4321487193954864a6fabbcc3fb45b2266865d142d9673fbfa266aa91a874931f5c32f795a69e76204da6418682fe2f12e74d25af6ac20e
-
Filesize
2KB
MD541d243411ee079f13849881b77587dd9
SHA1d5d5986bdde5c5859d482f3bba7df7b1430732bd
SHA256de610ad5322a269d1507663fbb5317a77dbba72cdc92af66dcd489944ef82699
SHA512b7535990a3adefbafbdb480e2b66babc10cf4614bd255c4764fcdb635d95f3e1bf7806ba0e27b15834b40f9882558caec5e6ba8aaae2ac463cf903fcd2f9bb4b
-
Filesize
816B
MD5373ac0a2312fd24a36604120524cb9d7
SHA1d27bf0962d1e1a99f5ff3f12a25a2e9b0c4d7a68
SHA256d1b121a225e66f42e3d3c553d4c9575f26d66db9ae8d44b1e8aaec45171efcff
SHA512d4f3b97483d8d6d1c840a6575a35850e8be0f9f7425d80050e596d5672eafb4c404f1412691b642d616202e2298496acecfaec075d624fe53e28814eea750cda
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
7KB
MD59ebea5b3d4617f1d8804dc8cc9ce3976
SHA10de52a2ad0f0415e251a0577c723d87b51258529
SHA25667add8e3e950d8ad55ac73eb36e839006e5bf956a61d0749489b32c836d7e25f
SHA5120060a6d2f903b54f9c6c1ba1244a539974d731e4e52636e6770d88bb109513efca05515a1e901229a26c8a91a783992022ae7812cb8458b7fe57d67e3cbdab99
-
Filesize
8KB
MD5af5484c334e7aeefcca72e97df6dd3b2
SHA134303e31e2987c8f3db463a14ebec0dc805832c2
SHA2568d0f9fb067483f209f595ab683e6ca246ccc89942271b4ffc38443e8a6e8538e
SHA5122ab4aaab66e73f517cb1952d6a72736c9a1c6667bb37ebd547c7d8867e145f0ae3a8161f7d7f415d0235cb549ba23044a6771700e42fd68de0d6b180b11a8c6d
-
Filesize
13KB
MD5855373f3ad46ecd3883441a96f4f5927
SHA166c3d9c3de112749916891f859fcdce2928ff7c5
SHA256d28e800bd885ad3e275955f33f88c30871b79a7a5db71f2ebeaf1031c25542cf
SHA512d2d8d1a21fa34fad5e9e91efd76943f6609442f8debea1452cd8787dd3d673a64afeb94574f163b0d944d75b8a1bbf41acbdfa8745824bfabaf096ed7eb382c7
-
Filesize
13KB
MD50abe7a06bb2f6d6b3d3f99ef169b3727
SHA1c3be231ef30e2acf082567325792d3faa6091123
SHA2564c1a7a906c5440b9bd07a6d162def53334f2a245abf5d7f26ecf1d679f106fd8
SHA5120ec8b0769256624ca987b459e80db49c5b4e31c41ffd01f164f499fd97c1b69014dadc4f7a48a6065c6b019f43182b1140251227aee4b3c7100dbe259ca9e539
-
Filesize
5KB
MD524414e50a338a9602b55ec516bcdf449
SHA100f3bea5044c618546e11a8bbf4dea767278ddb8
SHA25685674c171723c74350c262b68a1a21dd6f890ab40721be8693ebd03d0267df52
SHA512c77590a1990ed82e947df22539cfe269693a6e4a53caeced0dc135b7a6b4fdb606437c759985e2da43d9a2cb4dc199a325325730f74808cf32117647eb590981
-
Filesize
7KB
MD5d74b83cef3445beb431c6510338746f6
SHA107df4302c876920eab79eab0e57d9c2fba777ec7
SHA256da8489aa6cbf1682b373402eb5ab676e6ff5bfafc5197e90451d4b336f9a8c85
SHA5125c688e9ab22ce0251172cb6bae55b6d6310ccd4d596956367050aa45482b6d5134535c631fdac08b41be589f7e9c8e8c324341360643ec114a3f7c2f2fd75175
-
Filesize
7KB
MD5027775c24a06007fc10df79875b6d193
SHA11a36ca7df45a5be8907ed7e38c1b23878d370fc7
SHA256004d0a76f0e39dab61706cc891d25130c9a7806ebda7a675dd82cd17debc5ac0
SHA5126b07e7793f9f72b06395b0016f7fa3cd83956e7b85eab29435911bcde6f37a5e178000ab68873eeb8455e49e57b350500e5ec64b6381525b87018d23957beee6
-
Filesize
9KB
MD5a072d3fcd7de6a4d8118d26f147a05b4
SHA18eee631e0923b8d359f71304b0066a650fe8becf
SHA2568dbf26a4814293ff00bbc40477b9899054bd3dfc33baf274ef48648c69c72ffe
SHA51278885480aa6f72c14f6adcd526e0f2690ad1f6f2ea190555e4a5715eec258ea59af4b34ed6c65d0b0c7fb7dc83019078f8e72aeb731bc911facf46a9d15e7005
-
Filesize
10KB
MD56dcc7ff69b4d05c661b2bb52f95956f3
SHA1884b4266682964bc1a19097522e353d84aef9b7f
SHA256ade2b46e4b33a1b05cd50fc6beabf3f4926987087d00261298893531c2c93a64
SHA5125fca5d58482cb746280e9f649d922c6da54c4e518a48d83c2aa4c3efc86f5967ae266634eae71adf83d67f6b9a44ba5545eab2de779cd5d86fc258c77aeee653
-
Filesize
13KB
MD5db2267adde4c6bdcfe97fbab4df8bd33
SHA19280ab88eaac0a9933a12e93abda3ede5c1df8f1
SHA256d2b30b878fde849e2dfab8b89c6c8b8348c1687ebb7f2f948fa64acaa68042a4
SHA512c19492b172530c0ef3af266ed3783c178bb50aab60575c4c825e6a77f52ad47a3fc942252072669c9260a0c5bdf8ba120183242bb9b12f735353f2cc1c67d5e1
-
Filesize
7KB
MD54917e2bfbfa503f6f1a7dcef973d4261
SHA12c8cf9dad650214a9b1d4d85975db4ca438d42bc
SHA2567031d75505088752abc2e190a4e68461d41024fb7c0099b150c960a35775f7ed
SHA512f6bc39297e3f1bcd3b523f2255665dc9e4636dd165243fec8560693c83594ef962843844edede55bda226c84a8a33f1975cfc332630209874eeab307008df899
-
Filesize
8KB
MD56de06d94a0b7c0e8b8fcf3b3c5069304
SHA1559c4bdb700d9300f0df68f8b24a56c50c2fafea
SHA2561f783e33f3a87c7b9d394dc40f03042e03ea20b336248d60c6ab80527310d8cf
SHA512ca40dcd419bb67b3edb8cfcabe1f9d32b4e5fa2bd8eed869125f752f9d3e78e758d13f6bb5e2d9fb19f627cb703d530c8c3fef0d8493b43ed69b4d95d1130113
-
Filesize
14KB
MD519f13e5a6534230ef7a19411862c4a85
SHA1d9ffffd75b627244c579f38c79466cb6163ca07c
SHA2562f5c0440cd2b9d0363c9c2a74fced3306a8d5f999192c08841b473d80b5f12ae
SHA51293295bbacec98e516e9824953cf2211cbf5edc38116620640c23ba03f97b2b3c0218827c57aaa91d9b062736c58b8c803ca26a61e0a35d39fe285f3f8d26b1b0
-
Filesize
3KB
MD52b9e8fc702fbb433cfa71d0553403851
SHA10feaad6e64e5002f13bb3a8cd6ea5b9ba9988901
SHA2565f83b342696f21e58ff65ca0fc707c934599c9ec13159b593dfce1a7a4485e7e
SHA5120fa563041acc864ffea55626b47f7ed58366a0dc21f00cd36f5b047b7e21ce81d50081fa5c20efc3bdcc81d7985d61ca5b388947baeb042b8c8cd712e029d45a
-
Filesize
3KB
MD5c690526ce1dfc0b10d5099643c026595
SHA1f6fd4fcc4156640221d7cdc91df6235e19f24a34
SHA256b32c7e9e2c843183ce973bf9025e18a3e5348f9bc9571b7e37e791117614a59f
SHA5129b01a495dca06abbcd36bf2f4932ee9a6ddfd91929d6fd82a8cf5718fc94fdac098e18333305f8ddd9a396ddc69078d80f56ece944599535365207606ee1f98c
-
Filesize
3KB
MD5eaa74a537e878bce9cb7696776d2f5a3
SHA15453fb3a281e4a001117f4fad640e1f28b7fb12b
SHA256b5ae5ebec7a5952d937af5f5971a6f1c449e4454105612569511c45e10685c30
SHA51260d264c8b092a1f69ae55c1cc945c2878b57a2c8997759451983f6fa138caf06dbf328752ecc11f33f675752858c2b5a506fdcd0e8ad1b2879ec578f347be96a
-
Filesize
3KB
MD5aeb8a0ca9f12e3c567b24adea387ee29
SHA14de9b9fd19430518454502a8d65c06a988bab29d
SHA25608dd16df85bb7ea377b6c4cd607003a4931d336fa7f542e04f20674671d26cbf
SHA51268b9a8eea718a36035f109ad2dd87b9f0703b5a0fbe321e1c1d1f87fc20f530a75d58614d5c50451cbac966ee7291f1581c81e279613d55387a789619d4ad80f
-
Filesize
3KB
MD531aefe45841a1e8d13651fb547b1e1d4
SHA15f07f0114200cb0fe031180eff7b90e2b9ac54e4
SHA2564529ec6c23dddda36852783cc6dee0482858f514734e833d8daa673962c56395
SHA51253b003d932f19fdba5285d3ad11894bf3e8614d99c9e770bc67e43de8d46ecf116fccd308faebbedc49fd471bdff0e1c09347f53e9b2e53e57a7c48345505c11
-
Filesize
3KB
MD5e09fe5e8300c4433ab5b8063cb66c97d
SHA1b7a374c7f87216306e122988ff183b5bf0f8eb4b
SHA25627a87568cd12362bf4fe36dc941938b761b6cbc7f0cd2029e12aa54663b38ff7
SHA51212b48501d8426b454998b0975cbad8c20b12cca4893e06b3317c8c1185873cd9de055798c2bd838c4775b87cc76a910814debfbb676b1bd090e9f5b18232b63c
-
Filesize
3KB
MD5af76a66ada70871fb37244f75f1c84e6
SHA1e8e0ee62f8d73d7faae715ded3d109024259ff32
SHA2569a43feffa370422a2f5530076d09e6292e41a761b60cdd5db42a8c5c375e0e7f
SHA5124a7557fe22b163ef4c14da6b41bec6d82ae4ae299966884f72135290b3705630b991750bd63ab1d9cf2a3f540eef664b9998486f39b677eebf4efb9987992f5b
-
Filesize
3KB
MD571e23a9048f6b214b1cc4be3a459e992
SHA1bd34104f37fdaf0576d4653a7525da10611fbae2
SHA2560d12bd536a0b3601c6acda5884f7b37f86b5faffbb4cbd176dcfdd6aaa543c41
SHA51275fefeac024b080ae67d4ace889e675adfac0ceedaafdef4d7970e65fb0d3efa8f85067062baff3540c43ab221844001c76f0d0293edaae1f3fbf806c18b448a
-
Filesize
3KB
MD504773b8e3facf148ca6a39fdd471267c
SHA191e7ec82ba0aaadc2c0ed77cfa773fae8487786f
SHA256ec9b042c5cd244fe7c982b9fbb00d14ab7aa5688b29208fe07f2ffcf9c8a6463
SHA5122876df312f4e0f96e0e0d53f799a8c88aef0892fc374607558ab08e9b8f56e2d0c8d748cc26595e69eb2ac8c489f5efaead7cf311cc488a12e97aa9e3c837f33
-
Filesize
3KB
MD580c495ec81cedb6200888903922435eb
SHA11909058ed2c29978db275dfcc0c46c8dd66bc282
SHA25691f220df11be9bbe31fd078101c8d7d605ca7f2458ece7f58f36ddc9376c9830
SHA5124fa53c9da6fd762bbbb8a373573a22b85a5c36a260b7a2ebc51fb94ddac5fd75ebb6ba2ed42a865574eebcc83dc7e60c207cf7cb27a1c9540c02f6154598ed83
-
Filesize
3KB
MD56935043800cc7a14b74020b111cc27cd
SHA1e0e254559c23f45f25b83b5f0c64263ccb89c8c8
SHA2561e742ac1415385c83519c94a3d014c395b1306529dc682fda523f063d0182d94
SHA51231d913badc7f3f34ae5f8baf5edcfabb24e976c18a607dfd3b649aa2379421384fe28153a72690e2c4cabd95bbae501981422993c1203606c71815ec8cae1ca0
-
Filesize
2KB
MD5d71011d8d501d6c2e91568d32c5e6994
SHA1c3119db3cd1811198ebf92dc7b9c689bd7257903
SHA256689a60f272dd3a9e194b76b4246a938a8bc74df9ca07febb86f9f879d7f7cdf0
SHA5123dafc795fd1749e639c8dee3150ea1f089bbca95b838a3d1f257ee7f3bb0a3a0d67592c083ab602d4132f7fd92e1ad9eda82754e930a82f7096906b9ad4edba6
-
Filesize
3KB
MD580629bb29187942df8006d6f19336af6
SHA19d54fbf51198e861438ae3ce11ac40dc3243cbc2
SHA2562df4165e9deca5de6b377b2281451924cbdefb00021d8b302ced98345186ecd6
SHA5123b1d741601484ead010ab6f77d3a3360cef0e1ea80ab93c2afa7db11059dae1abd6025ac7b9321c31a3de547e84fda8c10c96fad0570f7ae292a44fc5bd521a0
-
Filesize
3KB
MD58a96666ccdd54cc02ce4034d747aa14f
SHA10fbee2d4641081ca8371ee248919cd9508026845
SHA256dcf079d26a2e89d1a547d3b2507955bc4ab8663fb5a2e11068128732281ae7f5
SHA51239c40e67e8662c24f18f6163b14cbe7424141eb5bbba8e5e2760c09bde24294a0d69e7a443a5231e3a05c25ed90c83ffcea0191fd64a49a021ef0caca1dbd48d
-
Filesize
3KB
MD539f20b2b62c8af53c44531b2bd220e6b
SHA10cd922ad255c827e2ac18aa6bf72548a467b30f5
SHA2563f6ecade9396a7b8aef68d8065f10a0e89145476b363e792a15eddb9344836b5
SHA512b3a4f9116da7545e9af1a686795037509c79d020bd3c38be6090b03b9b3745b3c55d89a7e26174951a23404f7edb1d19abdc344773a75b57b7c34cc3adc6a80f
-
Filesize
3KB
MD5ef9db4e6b8dda680475c3b76ad4cddd8
SHA19064d7b4d026d3d2b69723a5fec8ce00e07eb86f
SHA256002671ef04e256c04af91e41479d7e6da777dfe425c167fcc2c213bc05dc9b2e
SHA512b46fd1bcdbe8d30db19267500ff97679715dbd355733505dc42c9c79b2b5c1ffaa7a1fbe6f363fff699436f03ff430e0e2beaceab79e5d2d7630e70b58718e6e
-
Filesize
2KB
MD5c7d7cbcc658e6e0bb3b90e9993c99474
SHA1bd46f2fac9d4c5efd975fba27046cc8051045683
SHA2569f95c54efa68311e9cb6aace7cafcfd74bbf96e067c44c4ae7e243ac806548c8
SHA5123ae1ba4c3b84e1adbee78cffcfff1bbc043d2d787bc2582edc83a580e40bf3d405ada99df6e77655d5fbfecce431fcad7a323091c425ec53a552b0034048e490
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD532b0819bffbf5f1b8450d92c1a0b60c9
SHA14720a1f78b0bcf8bb38c8aacfdd9dbba81199e4a
SHA2565f9e38544c8a41971173951a8c3d3cc7a5155b4b0e381dfc132f29afeed7a069
SHA5120a54c904f8df1de6c62bf2018d9caac11aaa9062fb661f9b7e1050e83968710674798abce69fc258b32e88020bb98b252e435d41533bde6588a422a28bc7a55c
-
Filesize
10KB
MD50a6e01c0b53535a67ac879ebbc880655
SHA12ae26df360399067e82a3bc0a072e3d7cb9c0c32
SHA2568ccfda3e44640f697d959722fc67684d0e35720a9ac27f70a109649f7858889e
SHA512a02e233fb78d75f528f98a1ece0c62daca3c6af5ff3249ad4ecfb8f4cf5e9324daf42fd80bb20bf56808d0d620444d3967243899436483c0aa4f18ea1d7e1b8a
-
Filesize
10KB
MD529bb08b99143ed4a6ee64531d8f5b016
SHA131188b81a39c9a865073629b8521cae37e97ea8f
SHA256f4b871e99459566629aa6a7bcfa58e2f6b657c283c3e8f69f26dd00ef6f8dea9
SHA512d4d3939710f81a4ece5d9c3b4d110fbc8f4bcacc2edb8a3d8c16fdd5d95fe52efc370e77a4956ce62389ef2bc8096d8d0fe0c99d1e11c6f54d3c6e29fb58030d
-
Filesize
10KB
MD519f20cceb4367f272fc40f23fe46ddd8
SHA1f41a0a889b08c938e6c9e9747bbb8403f2d043dd
SHA2561fc7ff1eb82e2325d0c5c7bd9053410fd429a9341b6f254b31f300e945392ed4
SHA5128019b25a756d61a5e0dfa893e5a4ad5d1f8ec50f072ae73561549a2aa17b384c2256fc862a606c4624b32c9ec53381a2c31c504e80417bb00fecfdd5b934b6e3
-
Filesize
10KB
MD5c1fdcadeb0ccc8ff57629fa6aab56104
SHA1693f900a25be0a4d7a9776976da2a3148d9390bc
SHA25643c243271ca9273a0914ad4d474c2368ec5068ae1bd4c4c6159311bae0b35aa1
SHA512948c04c36a435538ce3ea93325beb25b7726d295002f036ebdc3e10e5860f03f1c7c3ce1e6520d474b781497467b32cc24a050cdd73ccfec38589acdeaf2ae9e