Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 281s
- max time network: 285s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20250128-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250128-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 02/02/2025, 17:38
- Static task: static1
- URLScan task: urlscan1
General
Malware Config
Signatures
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  - flow 49: api.ipify.org
  - flow 51: api.ipify.org
  - flow 179: PID 2320, msedge.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (luajit.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (2 IoCs)
  - Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-950679536-2019665560-1662069516-1000\{2E21D68A-BE2B-4EBD-BAF5-80D0979E0384} (msedge.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-950679536-2019665560-1662069516-1000_Classes\Local Settings (explorer.exe)
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  - PID 2320 msedge.exe (2 hits)
  - PID 2492 msedge.exe (2 hits)
  - PID 1064 msedge.exe (2 hits)
  - PID 1984 identity_helper.exe (2 hits)
  - PID 2800 msedge.exe (4 hits)
  - PID 4440 msedge.exe (2 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  - PID 2492 msedge.exe (all 15 hits)
- Suspicious use of FindShellTrayWindow (33 IoCs)
  - PID 2492 msedge.exe (all 33 hits)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 2492 msedge.exe (all 24 hits)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 hits have source PID 2492 (msedge.exe) writing to the memory of one of four target PIDs, each recorded repeatedly (procid_target in parentheses):
  - target PID 5100 (80)
  - target PID 1488 (81)
  - target PID 2320 (82)
  - target PID 1060 (83)
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
- Uses Volume Shadow Copy WMI provider
  The Volume Shadow Copy service is used to manage backups/snapshots.
- Uses Volume Shadow Copy service COM API
  The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
- PID 2492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://linkvertise.com/1208172/solara-bootstrapper?o=sharing
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID 5100: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff952e146f8,0x7ff952e14708,0x7ff952e14718
  - PID 1488: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  - PID 2320: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures:
    - Detected potential entity reuse from brand GOOGLE.
    - Suspicious behavior: EnumeratesProcesses
  - PID 1060: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  - PID 2636: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  - PID 3744: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - PID 1640: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  - PID 700: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5404 /prefetch:8
  - PID 1064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5036 /prefetch:8
    Signatures:
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - PID 2564: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  - PID 1712: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  - PID 1984: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 4352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  - PID 3748: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  - PID 4516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  - PID 4508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  - PID 708: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  - PID 2044: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  - PID 3372: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  - PID 3800: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  - PID 4644: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  - PID 2800: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 1180: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  - PID 1232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3552 /prefetch:8
  - PID 2556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  - PID 4440: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID 2416: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 324: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1696: "C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
- PID 3372: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
  Signatures:
  - Modifies registry class
- PID 2680: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 4380: "C:\Users\Admin\Downloads\Software\luajit.exe"
  Signatures:
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads