Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/10/2024, 01:24
Static task: static1
Behavioral task: behavioral1
- Sample: .html
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: .html
- Resource: win10v2004-20241007-en
General
- Target: .html
- Size: 8KB
- MD5: 1871888ec92ddc847b02447e82ba2df3
- SHA1: b66bb2d3b8bd9b518ce7bf884f96bd7732df2228
- SHA256: 257820e9a4671fda444faa6ba1ba660a6e55b66e3a2980fa82095d7049b444e2
- SHA512: 749c7941f127b92c843edd5f48c0f2be4ad443518cf15945ecefa4c4d98442c3426cd6e157de785a7eae62f9e7ae1ffdf25f19e29bed2f3e75a8f5c6e7113328
- SSDEEP: 192:PN2x2BZg08Ya+Pj8efn+DvD3O1xna0NuHrSDK+yyoN:AxW181+LvsDO1xn1sHz+KN
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid 2984 msedge.exe (2 entries)
  pid 928 msedge.exe (2 entries)
  pid 3324 identity_helper.exe (2 entries)
  pid 4936 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (27 IoCs)
  pid 928 msedge.exe (all 27 entries)
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid 928 msedge.exe (all 64 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 928 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; the 64 entries repeat the four distinct rows below)
  PID 928 (msedge.exe) wrote to memory of 2432 (procid_target 83)
  PID 928 (msedge.exe) wrote to memory of 4444 (procid_target 84)
  PID 928 (msedge.exe) wrote to memory of 2984 (procid_target 85)
  PID 928 (msedge.exe) wrote to memory of 2040 (procid_target 86)
Processes
- PID:928 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID:2432
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e86746f8,0x7ff9e8674708,0x7ff9e8674718
  - PID:4444
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  - PID:2984
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID:2040
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  - PID:2160
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - PID:2284
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - PID:2900
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  - PID:3324
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID:964
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  - PID:2736
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - PID:3344
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  - PID:2212
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  - PID:2056
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  - PID:3988
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  - PID:3036
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  - PID:964
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  - PID:1184
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - PID:5068
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  - PID:1720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  - PID:3968
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  - PID:3120
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  - PID:5060
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  - PID:3564
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  - PID:1636
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  - PID:2240
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  - PID:4676
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - PID:2708
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  - PID:4800
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - PID:2688
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  - PID:2684
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  - PID:3528
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  - PID:4804
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  - PID:5104
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5408 /prefetch:8
  - PID:4936
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7448 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - PID:1540
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3091909702252190305,5118656026397789973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
- PID:3336 C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID:5012 C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads