Analysis

max time kernel    148s
max time network   149s
platform           windows10-2004_x64
resource           win10v2004-20241007-en
resource tags      arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted          13/01/2025, 10:15
URLScan task       urlscan1
Signatures

A potential corporate email address has been identified in the URL: [email protected]
  The address travels base64-encoded in the infox= query parameter of the submitted URL (see the first msedge.exe command line under Processes). Credential-phishing landing pages commonly receive the target's identity this way so that the login form can be pre-filled and the visit tied to a specific recipient.
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  4060  msedge.exe           2
  5012  msedge.exe           2
  3216  identity_helper.exe  2
  2120  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs)
  pid   process     entries
  5012  msedge.exe  21

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                        pid   process
  Token: 33                          5068  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  5068  AUDIODG.EXE

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  5012  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  5012  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  pid   process     target pids (procid_target)
  5012  msedge.exe  4352 (83), 1916 (84), 4060 (85), 8 (86)
  All 64 entries are the parent msedge.exe (PID 5012) writing into the address space of its own child processes listed under Processes below.
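The first signature above fires because a value in the URL base64-decodes to an e-mail address. The Python below is an added example, not code from the Triage report or its signature engine, showing how to reproduce that check over arbitrary URLs: it walks each query parameter, a bare query token and the fragment, accepts both the standard and the URL-safe base64 alphabet with or without padding, and reports any value that decodes to an address. The sample URLs, the phish.example host and the address user@example.com are constructed for the example; the real address from this report is not used.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Loose e-mail shape: enough to recognise a decoded address, not an RFC 5322 validator.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Standard or URL-safe base64 alphabet, at least 8 characters, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")


def decode_b64_loose(value: str):
    """Decode standard or URL-safe base64, tolerating stripped padding.

    Returns the decoded text if it is printable ASCII, otherwise None.
    """
    if not B64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)
    # Try the standard alphabet first, then the URL-safe one ('-' and '_').
    for altchars in (None, b"-_"):
        try:
            raw = base64.b64decode(padded, altchars=altchars, validate=True)
        except (binascii.Error, ValueError):
            continue
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            continue
        if text.isprintable():
            return text
    return None


def candidate_values(url: str):
    """Yield (location, value) pairs worth decoding from a URL.

    The query is split by hand instead of with parse_qsl so that a '+' inside
    base64 is not turned into a space; percent-escapes are still unquoted.
    """
    parts = urlsplit(url)
    if parts.query:
        if "=" in parts.query:
            for pair in parts.query.split("&"):
                key, _, value = pair.partition("=")
                if value:
                    yield key, unquote(value)
        else:
            # Bare token after '?', e.g. https://host/?am9u...
            yield "<query>", unquote(parts.query)
    if parts.fragment:
        # Fragments never reach the server, so they are a popular carrier for victim tokens.
        yield "<fragment>", unquote(parts.fragment)


def find_encoded_emails(url: str):
    """Return [(location, email)] for every URL component that base64-decodes to an e-mail address."""
    findings = []
    for location, value in candidate_values(url):
        decoded = decode_b64_loose(value)
        if decoded and EMAIL_RE.match(decoded):
            findings.append((location, decoded))
    return findings


# Constructed sample URLs (hypothetical phish.example host; no real address).
SAMPLE_URLS = [
    # base64("user@example.com") in a query parameter, the pattern seen in this report's infox= value.
    "https://phish.example/?infox=dXNlckBleGFtcGxlLmNvbQ==",
    # Same address, padding stripped, carried in the fragment.
    "https://phish.example/login#dXNlckBleGFtcGxlLmNvbQ",
    # Ordinary tracking parameters; nothing decodes to an address.
    "https://example.com/?id=12345&utm_source=newsletter",
]


def scan(urls):
    """Map each URL to its findings; URLs with no findings are omitted."""
    return {u: hits for u in urls if (hits := find_encoded_emails(u))}


if __name__ == "__main__":
    for url, hits in scan(SAMPLE_URLS).items():
        for location, email in hits:
            print(f"{url}\n  {location} -> {email}")
```

The length floor in B64_RE and the printable-ASCII requirement keep short tracking values such as id=12345 from producing false positives; anything that decodes to binary is discarded before the e-mail pattern is consulted.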
Processes
(indentation shows parent/child nesting; every indented msedge.exe and identity_helper.exe entry is a child of msedge.exe PID 5012)

msedge.exe  PID 5012
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sunflowerhotels.co.in/?infox=am9uYXMuaGlubmZvcnNAcG9sLmd1LnNl
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    msedge.exe  PID 4352  (crashpad-handler)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718

    msedge.exe  PID 1916  (gpu-process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

    msedge.exe  PID 4060  (utility: network.mojom.NetworkService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe  PID 8  (utility: storage.mojom.StorageService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

    msedge.exe  PID 2940  (renderer, client id 6)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    msedge.exe  PID 3084  (renderer, client id 5)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    identity_helper.exe  PID 1624  (utility: winrt_app_id.mojom.WinrtAppIdService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

    identity_helper.exe  PID 3216  (utility: winrt_app_id.mojom.WinrtAppIdService, same command line as PID 1624)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe  PID 1884  (renderer, client id 8)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

    msedge.exe  PID 5064  (renderer, client id 9, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

    msedge.exe  PID 816  (renderer, client id 10)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

    msedge.exe  PID 1156  (renderer, client id 11, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

    msedge.exe  PID 2404  (renderer, client id 12)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

    msedge.exe  PID 556  (renderer, client id 13)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

    msedge.exe  PID 3520  (renderer, client id 14)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

    msedge.exe  PID 5060  (renderer, client id 15)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

    msedge.exe  PID 1708  (renderer, client id 16)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

    msedge.exe  PID 2204  (renderer, client id 17)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

    msedge.exe  PID 1804  (renderer, client id 18)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

    msedge.exe  PID 1992  (renderer, client id 19)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

    msedge.exe  PID 4448  (renderer, client id 20, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

    msedge.exe  PID 1692  (renderer, client id 21)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

    msedge.exe  PID 4772  (renderer, client id 22, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

    msedge.exe  PID 2656  (renderer, client id 23)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1

    msedge.exe  PID 2224  (renderer, client id 24)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

    msedge.exe  PID 3088  (renderer, client id 25)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

    msedge.exe  PID 2272  (renderer, client id 26)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

    msedge.exe  PID 2984  (utility: audio.mojom.AudioService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6356 /prefetch:8

    msedge.exe  PID 4216  (utility: edge_collections.mojom.CollectionsDataManager)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6272 /prefetch:8

    msedge.exe  PID 2120  (gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7214139941411654556,4547191759246271211,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6764 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 4580
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 5072
  C:\Windows\System32\CompPkgSrv.exe -Embedding

AUDIODG.EXE  PID 5068
  C:\Windows\system32\AUDIODG.EXE 0x408 0x428
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  152B
MD5       0a9dc42e4013fc47438e96d24beb8eff
SHA1      806ab26d7eae031a58484188a7eb1adab06457fc
SHA256    58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512    868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Filesize  152B
MD5       61cef8e38cd95bf003f5fdd1dc37dae1
SHA1      11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256    ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512    6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize  4KB
MD5       db7e8d490c45b777089b03372f22bdec
SHA1      d30ca4dd25c17de59be0a3310d1cbece08315991
SHA256    a08cce7a946b614b2addab801c88081bc6fe55fa7679fca77e144f2a467958f5
SHA512    eeddd9a0405731c583e4ca7ac3eaf6b910dd13616f60e95975b15ec4ee65d861a89c8bc9b0d55608f85239188096080fb63a8e7a6bad088104c9f15aaade1dd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize  1KB
MD5       464b96accb26804e587d7a9c0c10f427
SHA1      98e56b9092fd8bdc714fc56f9167fed8836fa011
SHA256    712d2f25705d04109f7ddd956a65de9f0b1cd02303acee3fe2f853c9acf6bac4
SHA512    f51c70531ddc98b9cc6a7006cf25396cabc34f229a0dbec8fb741561a93297be9dfae503ccfb237815bae9d6829b5a5cea9705f7dbae6796eb3ca13226e837ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize  264B
MD5       2a9972d81d4ab4cbf6f4a3f4c9109cee
SHA1      3a570a04d24773d1876aeed921b4cc366691ff7f
SHA256    b4a8647773a34b6dc3552565259a41cd23b1760cb7cdacb6442b6c008ccc7c72
SHA512    5dd71510419251ab368bbe8721fccfe4750a3291dc9e29e0388c18756dc54666ef661011a6aaa969db77a1cd9a496138dfd562562444be3cfd0719b5dc790cf4

Filesize  491B
MD5       4be7bcb228f426b5265b9411d32d044b
SHA1      181d7ecfb863b0504a63f8010521aeae1c06c914
SHA256    23f7823e3c3306f2ec17850950f3a419041701916401befa80d3e277ccbda7b6
SHA512    a46ec16b57c15d570386ff4f779d0f1056040a640effe22d73b8e26d6cffe53cec26ede07b074215e58baf164a2f7e613c98b1c3724ec8b8c3c269609431e01c

Filesize  3KB
MD5       6fb8561a583d4696d5368e2c8ce2e3f3
SHA1      e43f2542b09a8cee92eba20c3d4ffff9d79581ed
SHA256    2d00c6f5a613d0a5d190831d2dfe73bae365bb269a1767ed35b9fd5a74c7d8b3
SHA512    108945c198bf6f628380ac24a839421166736f3f927a6ac9eabf75ffc618d805416b4b6a87fdf391518c5b24d7e2504e59c819c351c4217aef9eb44c9b800681

Filesize  6KB
MD5       459d081703a6515f6a85bc7edbebd1b9
SHA1      7b6ecd55748bc3805af5a7696196ef0b798d8e16
SHA256    a3c59ea23092048d0896bf4187929436ee6d0db0a65054269ddb7ad7ff74d3c0
SHA512    b382ec690edbadde9b1b1aaccce8d976008e16bf8c99e56424e8a2ab4f0b36506a6bb6c4979509f1facb223356d4ab1e7450aa1c233db19aada05ee0a75292e9

Filesize  10KB
MD5       0508d60538558750c0f217c0886af13a
SHA1      0db8cdfa594792762b8c4d603e38344d1a682b90
SHA256    eed81acfab7d6cb934f07931acd9a578d7ada1b3c4ee7e12c3775f5c59411f17
SHA512    b8d6361cf86b7f2e0a84f77af0b1b59f0ee0caccea284a29e188fdceddfe72346258672441022f63df3ae8943c8c76bde6178e8cf9a54b1f230a5d4c4b098771

Filesize  5KB
MD5       d496852b820e17944fcaded22b9100d1
SHA1      431df6ceb6787a0f08219391e46c36477781ff2b
SHA256    5031b4e9a72d7c40e048cbb75f101f4261e979fee0ea3eb6137717ffb5c9f9e4
SHA512    f0bdabf443029fb0383c478d1ec56a51cb3cf7fec1f0a19bc9770d923d34858f871e2860771d944df65d7d6bc12636727da6dc1f7f51d45226cd1165c7a93cea

Filesize  6KB
MD5       9f20fcdaee95d58d9d7693d56be36f38
SHA1      17299dfda4fb8178046f9d6c0f9eae356205ee73
SHA256    8ba1e6c0141df544604df9cce4112ae3c38b81841908b554b6ca79227eb32d2a
SHA512    e6e7e8e209a43ca81864168d6f115c1b4b9fa0b553ff005fc63ebfe15183c754d114e3001f771ec00bda6ebe531feb73e6eda938e6317e37edd86e89175fb2c0

Filesize  9KB
MD5       30422560c650c7cdaa05029543866491
SHA1      12176bc3284929c9831e1c64f87801b034134e8a
SHA256    961edcfd66940b0f9a995cd4aa6ff5bbe7c2f47b0c7cfc810f73cb43ba535798
SHA512    428901296c929c8a36ca0e6a480622463f7a4157c9d6f43c1897214f38ddcb0d81bc2caff2a7b5fd42438a076fbf4e94d9b8fc2921ef5ebee85b06090428dc18

Filesize  7KB
MD5       0992c4ee86dc12455cb4e377cb96cb08
SHA1      b5c0b1a035290c5b3cfe692f940935c90953fcd7
SHA256    407c14f46b3b2f9667786754c0d11477ee64b8ded56115922958dd5357401ebe
SHA512    4f331f477f0d26a16da7539c7eb8afe43b60f5864fa3f3b66ed0d22217a75503b2efe3a34edccf2b6a42e2b3111c769d6e48f22b30b437250a676b8c74c39a7b

Filesize  7KB
MD5       f0a8720b220eb37b66a0186c77d87cf1
SHA1      5c277dc604270339607ccbb5fb55ad454c7d26da
SHA256    8a0ea8e5f6b6bed3bfd3cd8cd5e4da0d7bdfea52689e8a0d5b66bec206e6c77a
SHA512    fd95e928950e5d73d9866728a26653d339db7fc99dd49ba490044caec2eae19d2908fcdfd3a99377fbd17cb1fed67c0c1cb564fa7737983db6e4fe3b2965eb2d

Filesize  8KB
MD5       88b41878cf9cccd7aa46421b1a82dbb1
SHA1      52a738db17f18841d1660228ad9d6aa0e8bbffc3
SHA256    b04621992f05453d517e46f4078e0ec8aa3a3098e21647a02a93438aa6dbfaef
SHA512    2233a0a2458d9389aee037281ee32de0847808893e6403b0046b8ebef3b6a87ad6140b085781fc2d114b6845b4ea3b91c30f5fa359fb7539f5a435fa2c46c232

Filesize  9KB
MD5       b814e8fbcfcfd2095932a42b1c1b4730
SHA1      a37f232be6b023ffd959076e9f9e8129a224d6d3
SHA256    769cc6d54852f3f5ee6f6efaf7eb31d5cc31f40760b681cb4888c02550f5129e
SHA512    e7f90d5e796b4d0855009f8553f765dbf0cd992a3ea4dc014ed8bf541339c8cc2c11784ea7575453af0ee4671836c393706ddb2360c0f64d86199d0467ddef15

Filesize  2KB
MD5       1ebd960b7701028eb4593944e639913e
SHA1      9b0c4c7d87ac618ee094807baf3c1c40192f7166
SHA256    ffd1552e5bed422e351263866fddaee9ee7f2a498534fd5517ae68f950f4a039
SHA512    299fbe9ef95f8946ec568830422a99240347b4689a46b6f5938328e03f11b652132d7c831385473f2f45dde226b3d6735f0370779af10dee629260fd85caa34c

Filesize  2KB
MD5       9692a51b8074e79fc040bd458a7e99eb
SHA1      0c3941d265712945f33f7358feb9fd2d4f5cd461
SHA256    8fa31ea43af3d853a0ce21bd41f267d03fbbc7980c58c0b47b2ccea8edcafef1
SHA512    feacdcc9d572164adac8cab70816ebaa798bc3e280e34b2558f4809bc3a5fa3b01821d09ea09d1479d4488dabd50a95a84ae7ce547a9ca8acab3cf0d1040451b

Filesize  371B
MD5       f9c46b8692e5893291aae6a38feea480
SHA1      a330fe61764c6e5d848172914279b5525f665fa1
SHA256    74fa4484dd5f47198dc5f55489241543e29dc736f611689cc822f847cee0d773
SHA512    436a678ef5187b3ddeaffce3678abbd62f75eb63cced633ae45ee0b35d73075cf4e258e7a24e8bf73b8a897cfd70690cd5a040f7add5a251fe1e4a65f9538279

Filesize  3KB
MD5       b31bda5687619fab2b9de5d0569edabb
SHA1      20ca6277fc3e311076cc61991bc8b222ae0d063a
SHA256    166723b5498b1ba1307132d803cc6f5f589201a3bfaf8d7f686203e94aaff8f4
SHA512    4afb2d483335092d0b941a9283f01c90c432275b1b39a7e82609d1e59b837580fb3dabac2be17074797e3a1ed6c24a91c636a562e1aad665a06283e53833d154

Filesize  873B
MD5       496443731e3cb8509b65e59422bb5d87
SHA1      50109910ae28a68dfe238c2761bfa50e483bf16a
SHA256    f87d9e1be8d2ac14a7202b79e0c24bfbfe6d204fcbd564a2e4ede68b8829c044
SHA512    a19c11ea59009ed71c34ae9de122c0c4ca8a1618412c423dcd6f48aff8eaf09f26709ec01d675880225995ad7f8b407719319413807c0a7b142ee677268106cb

Filesize  1KB
MD5       71d25a9eef4d23b0acf19d8a06b883d5
SHA1      6d495bb85e311d8eb3e224d5df6ed93d1ff17627
SHA256    a10f7ddaf37e0e0831df751fe61ad40c1b9ec0ea6a0914c56e94ec3910552e0f
SHA512    b81a46ea0cd06188935a02232f14d6b8461dbcd5fc73e7e7c84fbeb74580d185ff3c9fa84698a1f17e06a2068f0ed8eb8b500bf66dd5088c798afe47f4d004b4

Filesize  2KB
MD5       7135cd443bc551f04573815f89569701
SHA1      964b7d238ce219774495de54918416f08549330a
SHA256    b6095586edffac0aecfed4d36869df558c197a00d92706a561692b4db0948d5e
SHA512    abc41cd2b1909f87de91b497323437a5812a0a3d18ad49a73769968357edd73bb12a64d569e57dccef4a2d864720ea6a9f8d482de8d36c74f884e2412d4bb16a

Filesize  203B
MD5       bf3a6667759e986613f77f1057290fdc
SHA1      616806c23867dfe849a01c0b7994ab99ea6d003b
SHA256    6de0c89e547b035121fc9aa71114ed064bddce29010a0a97670e799bccd841bf
SHA512    ca696e7ddf169b693164dd177cf8c75272e2debfd093af4b3bb1d66fb20d66ff0e6960f35c578412ff4b93a0a0793b0eec78241cdb099a29c62c20566321b2f9

Filesize  16B
MD5       6752a1d65b201c13b62ea44016eb221f
SHA1      58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize  11KB
MD5       c3f73a6d085b1e6ec47d4c5c09b1cc96
SHA1      3c5cbbef4fc2fc1ad698459185f00d6b964de959
SHA256    45462d32acdaf1ea4071c014c95bd867b9b6d7348f4dee06540cb14f4d5d1dcb
SHA512    f261ff0e73855c15f2d91e1cd380e882ac543e5f7967e1fa73f5917f726a77ede93ddfa36fa2ac432e0dcaa219a13e3988a692ea979fccbe7bf28bc596ed02f8

Filesize  10KB
MD5       93aea91ff4a46fa01c9f718af7fa329c
SHA1      13e28da63a74eca8a384bfeb1857fc5f752f8971
SHA256    0aa670fbc3c9557b598a30f34ac331e501e67eef871b76c275888089d864b8fd
SHA512    70152559965212e780c3e902ab421e783b2fef3e4aaf9ddcfb836047d472c14219463ecbf5a365088d99ecb169e03f1172ec749c157bdd8b837426da7b77f1c9

Filesize  2B
MD5       f3b25701fe362ec84616a93a45ce9998
SHA1      d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84