Overview
overview
10Static
static
3__x64___se...ep.dll
windows10-2004-x64
1__x64___se...fm.dll
windows10-2004-x64
1__x64___se...sh.dll
windows10-2004-x64
1__x64___se...is.dll
windows10-2004-x64
1__x64___se...is.dll
windows10-2004-x64
1__x64___se...er.dll
windows10-2004-x64
1__x64___se...it.dll
windows10-2004-x64
1__x64___se...ui.dll
windows10-2004-x64
1__x64___se...el.dll
windows10-2004-x64
1__x64___se...nd.dll
windows10-2004-x64
1__x64___se...eg.dll
windows10-2004-x64
1__x64___se...vc.dll
windows10-2004-x64
1__x64___se...ip.dll
windows10-2004-x64
8__x64___se...or.dll
windows10-2004-x64
1__x64___se...um.dll
windows10-2004-x64
1__x64___se...ui.dll
windows10-2004-x64
1__x64___se...up.msi
windows7-x64
6__x64___se...up.msi
windows10-2004-x64
10__x64___se...PS.dll
windows10-2004-x64
1__x64___se...pi.dll
windows10-2004-x64
1__x64___se...vc.dll
windows10-2004-x64
1__x64___se...ge.dll
windows10-2004-x64
1Analysis
-
max time kernel
142s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 17:49
Static task
static1
Behavioral task
behavioral1
Sample
__x64___setup___x32__/TapiSysprep/TapiSysprep.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
__x64___setup___x32__/TapiSysprep/netprofm.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
__x64___setup___x32__/TapiSysprep/rpcnsh.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
__x64___setup___x32__/TapiSysprep/socialapis.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
__x64___setup___x32__/acledit/BluetoothApis.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
__x64___setup___x32__/acledit/DevDispItemProvider.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
__x64___setup___x32__/acledit/acledit.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
__x64___setup___x32__/acledit/printui.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
__x64___setup___x32__/dsreg/dcntel.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
__x64___setup___x32__/dsreg/dsound.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
__x64___setup___x32__/dsreg/dsreg.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
__x64___setup___x32__/dsreg/sensrsvc.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
__x64___setup___x32__/pcwum/AppxSip.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
__x64___setup___x32__/pcwum/asferror.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
__x64___setup___x32__/pcwum/pcwum.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
__x64___setup___x32__/pcwum/pdhui.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
__x64___setup___x32__/setup.msi
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral18
Sample
__x64___setup___x32__/setup.msi
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
__x64___setup___x32__/wcimage/SEMgrPS.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
__x64___setup___x32__/wcimage/SensorsApi.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
__x64___setup___x32__/wcimage/netprofmsvc.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
__x64___setup___x32__/wcimage/wcimage.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
__x64___setup___x32__/pcwum/AppxSip.dll
-
Size
268KB
-
MD5
577dbb84e03e995d507840258c52913f
-
SHA1
cb1d426d26a3e966d29a6a28f94ed5273c21d759
-
SHA256
c8ed0608c107745d56fcdf34cac855602c65dc1a612c173f4057cbd30fbf2058
-
SHA512
90263941720d4498cfe588ecc7c713f04ce2431722b918859c555041be1823ace5163306c3e273e92fde0d472b3bb494acc37b26982a269116b64ed13aa396cf
-
SSDEEP
6144:cTXUiOy2C35UKI+EqJNLo/AKjJIcLIT9mAD:cTkFy2aI+FLSHjJIcsR
Malware Config
Signatures
-
Manipulates Digital Signatures 1 TTPs 60 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
Processes:
regsvr32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipVerifyIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipGetSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipVerifyIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipIsFileSupportedName" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipCreateIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipGetSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipVerifyIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipVerifyIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipCreateIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipIsFileSupportedName" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipGetSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipCreateIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipGetSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipPutSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\FuncName = "AppxBundleSipIsFileSupportedName" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipCreateIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\FuncName = "EappxBundleSipIsFileSupportedName" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1}\FuncName = "AppxSipCreateIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipGetSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipRemoveSignedDataMsg" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\Dll = "AppxSip.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51}\FuncName = "P7xSipVerifyIndirectData" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6}\FuncName = "EappxSipIsFileSupportedName" regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\__x64___setup___x32__\pcwum\AppxSip.dll1⤵
- Manipulates Digital Signatures
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:81⤵