Analysis
max time kernel: 393s
max time network: 396s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/01/2025, 00:08
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
-
flow  pid   Process
37    4576  msedge.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
flow  ioc
100   discord.com
101   discord.com
102   discord.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class (1 IoCs)
description  ioc                                                                                                                                                                              Process
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-70482961-775596374-3727440602-1000\{1960CD40-8BDD-4C0B-B3CE-312043303C47}  msedge.exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
4576  msedge.exe
4576  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3840  identity_helper.exe
3840  identity_helper.exe
4808  msedge.exe
4808  msedge.exe
4808  msedge.exe
4808  msedge.exe
3496  msedge.exe
3496  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
pid   Process
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                        pid   Process
Token: 33                          4272  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  4272  AUDIODG.EXE
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
3436  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 3436 wrote to memory of 4220   3436  msedge.exe  81
PID 3436 wrote to memory of 4220   3436  msedge.exe  81
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 3012   3436  msedge.exe  84
PID 3436 wrote to memory of 4576   3436  msedge.exe  85
PID 3436 wrote to memory of 4576   3436  msedge.exe  85
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
PID 3436 wrote to memory of 4320   3436  msedge.exe  86
Processes
PID 3436  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4220  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb27fb46f8,0x7ffb27fb4708,0x7ffb27fb4718

  PID 3012  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

  PID 4576  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    - Detected google phishing page
    - Suspicious behavior: EnumeratesProcesses

  PID 4320  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

  PID 4040  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  PID 1396  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  PID 3288  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  PID 1228  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

  PID 2088  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  PID 2908  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

  PID 3672  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

  PID 3840  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

  PID 3816  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

  PID 4632  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  PID 2820  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

  PID 1664  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

  PID 2908  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

  PID 4968  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

  PID 668  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

  PID 4572  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

  PID 1272  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

  PID 4808  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4048 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  PID 2696  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1

  PID 3184  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

  PID 4652  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

  PID 5016  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4820 /prefetch:8

  PID 3496  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  PID 3532  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

PID 3176  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 620  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4272  C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x310 0x460
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads