Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/01/2025, 21:07
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
flow  pid   Process
45    4960  msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                          Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer        msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName         msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
4960  msedge.exe
4960  msedge.exe
4744  msedge.exe
4744  msedge.exe
2376  identity_helper.exe
2376  identity_helper.exe
3216  msedge.exe
3216  msedge.exe
3216  msedge.exe
3216  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
Suspicious use of FindShellTrayWindow 27 IoCs
Suspicious use of SendNotifyMessage 26 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://picsmartin.click/?param=roland+d50+vst+free++mac
  PID: 4744
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cf446f8,0x7ffe1cf44708,0x7ffe1cf44718
    PID: 4620

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 3120

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
    PID: 4960
    - Detected google phishing page
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    PID: 1424

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    PID: 5004

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    PID: 4564

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
    PID: 3348

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
    PID: 2564

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 /prefetch:8
    PID: 2356

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 /prefetch:8
    PID: 2376
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    PID: 3212

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
    PID: 2344

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
    PID: 3308

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    PID: 4120

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    PID: 3292

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    PID: 2764

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    PID: 4884

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
    PID: 4464

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID: 3572

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    PID: 4372

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    PID: 756

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
    PID: 4520

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
    PID: 3216
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
    PID: 1684

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    PID: 3460

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    PID: 3716

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
    PID: 816

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5487751057622564725,9909849828318896411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
    PID: 2632

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4844

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4824
Network
MITRE ATT&CK Enterprise v15
Downloads