Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
262s -
max time network
270s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
-
submitted
21/03/2025, 16:55
General
-
Target
https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1ef14efbeb2ffc52411ed881c6eb0da
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1ef14efbeb2ffc52411ed881c6eb0da1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff97b18f208,0x7ff97b18f214,0x7ff97b18f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1408,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5056,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=3848,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6204,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=3268 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5864,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6176,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=4044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6472,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6584,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=3644,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6792,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:82⤵
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6464,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6972,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7092,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2892,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6256,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7292,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6468,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3336,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=3348 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2776,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7356,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3564,i,13490492657783455859,1289363230330152431,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
118B
MD56e8ea78b63bbcf8e6076d56a4b13a200
SHA14ed655b43d639a095f5dc5aa6b4aa2bc0e97f031
SHA256c6906891b0fc56f40719778327f64e28165fd3f86fa9c199ec2a33bcd647ccf1
SHA512c015babbeb7f94358e4f48bb2e2157e27f7d6266463cdfc826ffe86f6271fd1198bad91dfd5ce1dde2e0412358136138982c38e2c3161616804963da34ca817d
-
Filesize
638KB
MD5a1fbb0296814e30fa4e6710376dc2cd0
SHA11720d466dccd6b64bb839580c6c36c08f74b9c2e
SHA2567c4c71093987705407cdc53acf99584947eeffc828e933a47bfc6b335d646f12
SHA512d514eadd3711fa5c1e51d3128b5c89de7a0f966d767b689bcf6cb1e4b9ce278d5f3d49cb9f0867d4c022c604bd04fe113be67449123974565d35ff47d1f7dc11
-
Filesize
76B
MD5ba25fcf816a017558d3434583e9746b8
SHA1be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA2560d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA5123763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f
-
Filesize
102B
MD5a64e2a4236e705215a3fd5cb2697a71f
SHA11c73e6aad8f44ade36df31a23eaaf8cd0cae826d
SHA256014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846
SHA51275b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99
-
Filesize
53B
MD522b68a088a69906d96dc6d47246880d2
SHA106491f3fd9c4903ac64980f8d655b79082545f82
SHA25694be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88
SHA5128c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff
-
Filesize
703B
MD58961fdd3db036dd43002659a4e4a7365
SHA17b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
-
Filesize
687B
MD50807cf29fc4c5d7d87c1689eb2e0baaa
SHA1d0914fb069469d47a36d339ca70164253fccf022
SHA256f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA5125324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3
-
Filesize
141KB
MD5677edd1a17d50f0bd11783f58725d0e7
SHA198fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff
-
Filesize
82B
MD52617c38bed67a4190fc499142b6f2867
SHA1a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
280B
MD57b0736a36bad51260e5db322736df2e9
SHA130af14ed09d3f769230d67f51e0adb955833673e
SHA2560d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087
SHA512caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3
-
Filesize
352B
MD500c0b9c1ff6d7dfc365f54e6211dc7d3
SHA1daf3a8b42c907397075d549a533645eac6cef7cc
SHA256a67b75a0c101b178e16fd7290b1e46f486c459ae58b0fccae57503368047e659
SHA5121c26760db8798094dc9d0d9360e9556a63f7de685d4a71c7095dc7e2282da0bc6a83562ea90d8d826225c5f6f8c5c6ad0a30ea9305c8c1f3624cac1ea490ac36
-
Filesize
68KB
MD5a4435ba6879a94b0257595fcd90fc3f3
SHA1e546df9f230426037e3c4b70eb273c0b5660ef41
SHA256091039e148b9c4bc8e65634512f1dce751a307ecf8b96f3224f9289a5327b63d
SHA512991cfb3cf5837df1ff3067c77d8e2fa979f525cb14c9d2f637cce31bb826e338f64e89d0510897a3f1ff51f73537b43b9f1f6e96b2c57383153eeed2582d2e49
-
Filesize
39KB
MD59a01b69183a9604ab3a439e388b30501
SHA18ed1d59003d0dbe6360481017b44665153665fbe
SHA25620b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
SHA5120e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca
-
Filesize
3KB
MD58cea325a1d57a003031f1d8eb52ee6d9
SHA1cd6df7d749b43878df73ccd82137f4d4cc377669
SHA2561379d7242c63739ae3d4d55c4155540591145eb7ba5c2decb2d4b9f31637370c
SHA5129a5f8668e89930b4936f851e3b8c74cb112f78d464f550d9408c70fa9c0928a8e3347c3fa2c0aac3960d899e4b24e9e8c8e3621d5895e218e7cfafa7ec07359c
-
Filesize
4KB
MD55086cd5ad746ddbc52ab13e4cd6eeb0c
SHA1af719105d890c6ba4d6ecceb1a390e03da6c9f72
SHA2568104dbdd996b30c798450638f3a98e26c1b42a2e6a5ab9caba4953348495a3ef
SHA51297fe495594f2cf5689e9e23468ee7020898cdd59131abf6090911e574000409744a9614b9174acc8b217e2b9a2180f9ba85f3696d2f9310fb4f5246ec7f770fe
-
Filesize
3KB
MD5bcb03bacb33ca149d3c9d5efa873cbe7
SHA1ccd1b697a6bb7c409ff7bc3de51dfebba208c6df
SHA256a879141da1e77eb5266aa19fe0ac818d50b5c4869f184169961eb716cc171b63
SHA51273d829ece77a7ff2e70b880922b73f5c16a916676ffae3d1bd400de876e4414fdec901c8ac81894c463dd2ce916d3a6d89e85921fcb2cc62f36eb0cf18e81b58
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
17KB
MD5ab924228c989836828ef987aa9b5d63a
SHA1c4e0ac212b73a87b0dc6f4357e66860c6dab81a0
SHA2561628a82a561e98644571f81c8da2637df8fa6f0b232193eb638a9c30900230f0
SHA512d52d7b260e2ad796eb820f2332b1904c45f5665193e5c1c4fb5b74ab04e913f6cfeab2e888d0a6921870a6036178970854adf0b399d59beb5258b2dc95b0b55f
-
Filesize
5KB
MD5012e7669f9ac73c14a08bafb542cc181
SHA1d98dbcf818eba38278946ab84a8a7b15994a73dd
SHA256e15626d933c5264205d176874c1be684dd9fcd6e4c82b719543e53f517d6d9fd
SHA5129cb44bd2988d5fe250ca85632463afa989d31c9e207d4d921202d66effe139b15573cddd827820ec04fd57c0a72e61ea33a53ab2dc5ea6b5c1c11cbc1d9ee252
-
Filesize
17KB
MD5be8e6fb516cf62d78596efad3d310fe5
SHA154e9cfdda9d52ebfc0680d7160662d5ef5b6bf0b
SHA2560f4c7ef72571acbbe2a92dbf5aaa5b6d0f5cb282728aa74aa111ed2463eb3db4
SHA512adda5cc3dde64aa4efbb042777e8a370513329623157a9aaafaa02bcb35e0c41a7eb5fa9b05c8500f2b4f9ed1f619ed2e1eaa64a17e29e28df2bc78a69957934
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
20KB
MD517e109d8b224912848dd5a4d12bc779a
SHA1b34494bf61b336d7c80bb639c4636663fe5246f6
SHA2565af7a50589645f05620a64a1a72456a9ab150e8f57c6563a29d33e7cfa5d1f13
SHA512dc9881c016b32c5f4146c2eabdc51664996d068cee2b11400233c6eac2103ae1b1748d31ba6cea121f8ee9a46cf551b781ec2d441a5121d8e1ecb776162eb838
-
Filesize
36KB
MD500b231e68fbb31b580f96a4866004e54
SHA183d763db1d55c8882b42d8dad0f24c4c12c89455
SHA2565ffb16a008148b61c9ba7d5ddc6007f2c2155a0dc42f01549a367f38679de30e
SHA512d45197bc0dec3c40f26251955f52bffc64d799b602d5760f67055a6c0ed3ba6eeaf31a4200702fbc1a49b35a23ea4f225d606e93f858f29f76de8a9134b16576
-
Filesize
22KB
MD5cb54c345bd19a6055f034f16678fb8d4
SHA12294b89497a4f66c92906a4ed3e74deeb8bd8399
SHA2566f1e8e7af709ba2efa338490bfe662d11f9b4ff798674286ef0d5fad4ef70ad8
SHA512f910ede146b1794c21ae3d5d890d55041d277c9bd392f9fc9429230361986a181f3c5dec8b8496ce78157460b9a2d3563ce50856ce54acc52ab4612bea505c62
-
Filesize
16KB
MD5048a24d20acfd5e2e7ba169e00dfb184
SHA1df8cce08d3cf7473a53a73c4475a3cc859bd41d4
SHA256a6f24f2923f6825bd251427d7bcac3971c7fa4a3356db431349cc495b93de01f
SHA5122a749da7839351709ebae9b202bf3b141ffbefa70905f39f01fdef4361ccb398092afb4604f9aaa56a12e886f1e1b20c9db723e7dc883351ae36e762a3e6d8d5
-
Filesize
113KB
MD560beb7140ed66301648ef420cbaad02d
SHA17fac669b6758bb7b8e96e92a53569cf4360ab1aa
SHA25695276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985
SHA5126dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5
-
Filesize
22KB
MD58a5d4b1a76c1f8c595dd93a646eac28e
SHA105c8f87398fb2bef14cefc6694c97c925c3b20c5
SHA25603eb6603f883a25fffe692606e8005f7a3e948008399ad0eb623973f3fb734ae
SHA51269150690efd5903c588383127df25dae0668e1c9f8cebb1b75e635911f794c1490f191b8168bbbb5eef23a9b126f26e3b52b875d96f8809383a61ee0a2549179
-
Filesize
469B
MD599a7140b004f85fd2c7c785d279ae1b4
SHA1d7c35b2c05ace76bfe8b5ba05a83786c8d66970e
SHA25690e460f99dda6928c6bc2221d086550c577f570002084a9c4de9d713e282529b
SHA512a405971d6de986bc00194935182e177d0ffb98aeb581a4c9e97e9b0af71f96b8f84727e8acbff05a65b0e8a8b249050f6ae166acb230990e6920f4446ba9f865
-
Filesize
904B
MD57b15e7e7611ecee67509465f2c6d390d
SHA1e70433be38fe3b9eaefe7c0c676d86512cb8ccd0
SHA256eeb4c208a0a35ed482a8594b4334bbfce619a1ca8c298cc3fc2c1e08c55e14fd
SHA512236f1d359835def0a93553ce14b0b1a712a985fde6962b66d915a4c3e6b4f68f783bd19ddef8ea66001d1e124fcb144e097e067d219f6d45582ff0e942570bee
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD546657210a41e3d54f4889f401929284a
SHA1248c639effdab774ac352db8950e141f701d5dc6
SHA2568ba5756ef2568ca87a32bcb4955c8ae9e3eef54bcf4cc9b77a0e376a98972263
SHA512b65b2f21b833b89ceb3b0adedf86ae28fcd718c26461f68137331c25996f34f01372885728b4ff647702b33f52f5e3ccc9fcd011e2745b9a8220d050a5823ad4
-
Filesize
49KB
MD5f84da7293b8947b3111609c401ee8f0e
SHA19beb3e6c4b6173d76cd8aad113e3b128ab73cdfd
SHA2560634a749fecc25f9e7d0027e716cf9f6103cc4006b1d14fd05f039cbe59bde33
SHA5126baa9cab01c7ab5bbc5b4916731942085cc56895064af2743249d9e7816933d45be68f740299e9a0d26572aecc73f1abaaf6e7f7cb6718a7f6eab0cc880916ae
-
Filesize
54KB
MD5c2c17265e4d97be4f0c23240e57e4733
SHA162f063f22fecc6c0d1d4ee0761f3891464cd9a7e
SHA2562d1062c930fdc6a7df0fc649b752940d778add19eeb6008ad3cce61b54affb9e
SHA5123f433e9d77408f5a3b9b300319e26a2bf4727b8dd7663aa75c94d22e675f1eddf153b17e7adf4b0d8ae71f5688fcf4caf22ca5ed511bdb4e29d2bf09caf558a6
-
Filesize
289KB
MD52b59269e7efdd95ba14eeb780dfb98c2
SHA1b3f84cbc37a79eeecb8f1f39b615577d78600096
SHA256ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172
SHA512e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7
-
Filesize
8KB
MD5811b65320a82ebd6686fabf4bb1cb81a
SHA1c660d448114043babec5d1c9c2584df6fab7f69b
SHA25652687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf
SHA51233350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81
-
Filesize
11KB
MD50779206f78d8b0d540445a10cb51670c
SHA167f0f916be73bf5cffd3f4c4aa8d122c7d73ad54
SHA256bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec
SHA5124140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478
-
Filesize
392B
MD56a87015b17d681b5fa3f198f00d45796
SHA1a13adb7ee4a6a7ca11757d7778d09f6bf6ea9bda
SHA2561cc27253228e3fdd10ddcfd78d5607069a52a3204501ca5fdf2dd2a58866ea20
SHA5129703d68d44e79e9a8946b33b20b63cb680aca7ecccd809d78e967f05a8b08a0c7065368e33e84e465652775b25465e4a8f2a535e0eb47f6e22c964f2d1deb94e
-
Filesize
392B
MD5a2683da0c0730028a7a6b8f84810a739
SHA1866ba838811fa966150831a2fef665391977fad7
SHA256b55ab5899cfc58f62e58fe6f292f1de819fd35e9f08b2bd318ba30228ad0d776
SHA512c9a3df9bdfcbdf65961cd759dc2cdc063eea05cb77342743833d5d41681080c7ef3fbd54d2217b586ab358187e21b92feeb92be1d4578217b108f983539583cf
-
Filesize
392B
MD5826936203fde1dd03c09b2220c11f709
SHA1d05f08cbbc03f95115c87b8dee883a51f0a98311
SHA256ba35eb6981ce2572fda2bfbebe06106404a36a6cad79bee1364508431913914b
SHA5127fb674a6f5726f1118523283da66a994f18558633b03af94fc3f0d2c858a8af45b1a410ef533405b4c7b1507cdbeba2088bc0da01deae4c2968eda9903447a9b
-
Filesize
392B
MD51ff89af6db3f25558f2365968ec16c91
SHA1a68d8c55d7b67b123f6086b43b2f711727239684
SHA2563f0dbbf7af79842127d202d7ef8296665e75a898ce6c7d5fa59cc60308dd460d
SHA51267a9a11155f39d82d54decf5fe4b01cc59452ac7ede43352dcd161b296e5141345ad0499f9fd46dd835459d9e99325f747d7f0e2aeed83cc56f3db26b96184e0
-
Filesize
572KB
MD5f5f5b37fd514776f455864502c852773
SHA18d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA2562778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6
-
Filesize
2KB
MD521408918daa03ae90f6cd6560ccb8d23
SHA15ab7a4a0e5e1daa92260f1f244360705f1eb4a8d
SHA25621e996ef3bd721b9228f538b4f1a5fb8df13a860b33269bdd89931f3e9737837
SHA51274f3f3cddce0124e4d9fdec354e116766a3b61bb5e057270cfbc0c5e049d4d638c2110eee346fe624ac930b5104c7e7cdadd530c5b112187ef51d166583ce364
-
Filesize
8KB
MD5db003094f1e40d34669537936188d90d
SHA19318f4083f5371380f36c767739a602d06781dfa
SHA2564b70314f144e39d3ac0cf0dcabc392b5accb60fab75ed19143386cbe711c1170
SHA512ce62c924aa104a403f1b26c5e9d5ea0f291e751c46c651ee2c27a8969c973ac204d1db240e66361408cff9d0cdfaa151cfd84982fd4c7e5dec7512cd4aeda4b0