hxxps://www[.]theprintershops[.]com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE

Analysis

max time kernel
124s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.theprintershops.com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3011986978-2180659500-3669311805-1000\{3430DA89-E681-496E-8B36-EF29AE3F0FAC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
2316	msedge.exe
2316	msedge.exe
312	identity_helper.exe
312	identity_helper.exe
1312	msedge.exe
1312	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2100	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3464	2316	msedge.exe	81
PID 2316 wrote to memory of 3464	2316	msedge.exe	81
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4824	2316	msedge.exe	84
PID 2316 wrote to memory of 4140	2316	msedge.exe	82
PID 2316 wrote to memory of 4140	2316	msedge.exe	82
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83
PID 2316 wrote to memory of 4480	2316	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.theprintershops.com/can-printers/?gclid=EAIaIQobChMIu5i3u4_fgAMVKfvjBx3TIwpwEAMYAyAAEgLmF_D_BwE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3e146f8,0x7ffae3e14708,0x7ffae3e14718
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17801312408957000131,2930763196847369397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
18KB

MD5
f2dbbcd2b74b03e8d96d592f43053fce

SHA1
95cfa6d79e62ee075a59e2e4249f5f1abe119123

SHA256
577053a74694fce38ffb4e5bf67204d4847fc15b967bac9f6bcefa473d2254ed

SHA512
3b91a29e5e754b912f57f610b08b3e1c1b63003bef2377e67c8e7e1b8a9091c9cbad96a4f6b71b018b67b1fb19ad95e9a112f25137a2822c06f770d579164f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
69KB

MD5
a90d7c369b2a589d9034e9a201efe567

SHA1
7afe40e9e4002a2254885901d66451e2ab0994c0

SHA256
7cc054981e642ae7bcbdbc78152eccb11b31a6d922ea1dfe61e749f8985e498d

SHA512
befddc83828674c9993b8912ea83486dcb04389e0d7b45a4e6c19b6bb5e6e0ed2b16d9247c2e633870658697131c094864d3cdd9a2a4c0fb17bb503ad2915b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
87KB

MD5
3c57b7f2cb0d057fcc4738684f20736c

SHA1
d4aae3861d8bc401290a065dc1dfa06f0a6aab96

SHA256
4408d6e4a2e8e3a301a710895c44177ac8db2baba572eaf3acd9ced75c6ddf29

SHA512
7ba4797eaebdc9d5f5eb53486028c899c1fd910db3f1af8be88f218215148f984ff0443c8bf8cf43e0d148fab4ac6a0b8688b43ea303d9932f21287da908d824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
1.1MB

MD5
d176537b736b8dd9d1dbb929555f4aca

SHA1
75e4a868cc196293e5633d512c33d53181a42428

SHA256
44ecfae3b3c8a1cbc23de8b8df9a6321b62d1e71cb28c91fface02224b6d1e25

SHA512
0aeb4fe6e9a6948fde372c7503840a606c5ccc7ea77fd5a3df5d5b32cf882c21be5e498b2239e727a90c458ddee0947d0b6c1f7b11a83942a1876509ecfed9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
db5417b0cc7612c16f612817c2a6f79b

SHA1
52ad064a864f39879ef51aa9504f2688de4c6306

SHA256
308bca8a2ee3286dacd23f67b895cb5ebe5dd2d15ec74de70722723a9ef6cd9a

SHA512
9fccd3990b3a3f8978d09f78b0de3cb9bfa8cd0697bb601e6f807c82d4d23e1fee31681a5400e37ea8a6a0395bf8844b5b9fff663f9abfbddf73c426b14cbf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f2aac626fb158c59c9646d041e9ead9a

SHA1
3ff1de3bb973995fc091b7d2b10bbc06a9173280

SHA256
17822217408513e51077a9d645266d774d48a07ccfc0e59a93ddb453ea9f7c8c

SHA512
ef365cc5aa30d2411020a3a58116c947173c74d5d319ce37b610a196d2f943065f3c1d16d0deee3b3fb48668e6cdb9628913778352e48ff92bd0ee7686862483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0ef04b27ff1624b66a14f22ab6b675e2

SHA1
24959ac9dd9ab83e92f47f651907dfe584a0ecf4

SHA256
ea94188aee7f9cf035f79e1483de444f77f7ab454e785b7adaa0d22291930691

SHA512
cf23ac819b63b58f6eaf81ac1b185cc0a9da13390495e166d204d3c77cb7bf1175d1b7fef04fcb696bc6c798ad64e252db8df6a7112340e63816d017d70d2459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04c0b16258ca0504bf570503a72458ea

SHA1
469bb8fec1e754bb0c2e0a54b69156a5777c1a9a

SHA256
362abe255c845705d05c512bec9c337fbf083ef199375332ee2c5a6cd45480cc

SHA512
07c3f1ea3a3f11989a791c7f4e0a772a56d3aa1e8d6e7402bfc9d0f35d788b546a084fc3ee123593141490ff576b2fd540f773f952f0689e328b8421e82f93af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20250288381ec47f50869fced0904ddb

SHA1
5e6a55005d5ba23ed50604d8bc850efb3a20af39

SHA256
3f672227dd1d595287793731dc0f018d7b47a7cf062899b930287eef5098dbee

SHA512
0316ca9261109d53fa17d25f0a605a2ec3f45430d62fa4c787bde83e8c90f5d6d83db5ff4cdd4bb47bc69ceedbc94a4be90fca4680b6bed6eb75ad0095a84212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccf17ec6b5775208e737f54d8ef90e07

SHA1
8b984ad55dc9093bf05cf82e2e3990885f60d662

SHA256
d4a18d85945af5c22fc47b58c4d09aa8009db200f50426334c386a764fe0130a

SHA512
b375e02c04c2babd3bc9fa539c558f2baa58907ec76a44bf2bddadbc224f3509f375a6b0fbd8c191f62a143a13d1b0232f66422d6668759999e51c1462675258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eaf9befcc7e2b2d88f4c32e4c4a5303a

SHA1
4c6cab989e2ad3ece05f43d7de4858140ed8acff

SHA256
2f9ce68e7236ceb8e65ca7a0de7c37e62af8dce7fc9cdcb1f6d32f777185feaf

SHA512
fde4fdbce0c0d657144c1fce3f15868e5be8739580241bffe2cf14ca7646cace286e149d8d9a2f1ea3ab1017bf92cda52ae014758478c8690f82ba0624d60180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
86ccbb25de73cae147a195c456935afb

SHA1
51552e516626aca4b7b5fc7c7ea57d0baa5d40c9

SHA256
8e6774ef6b8902b056ab12984a5beea8554c8aed505ab5134b65ea588e488bd7

SHA512
d4329c4ac944c656a368656239a72c9ee01428c373a9839329719e4b9bf69b2c42769d2891aec3551492f6d676ae36fb15012c379cac33bade63701b866c2e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34df543ac965537eff68fc66de3eadb2

SHA1
e3a942de11848898e9dfd3e7e872127e49e0dbe9

SHA256
6f83d0883e2497568bb6d7c5fb158b01b5ad88a636f45e44dd9aeabb20a66458

SHA512
fb8a3af82d35eed41bdc5f53dfa507fe1afaf06da93aa05ded13499e472d43e76da9b8dc226b959efc20c01915e751fc3a5086adcba38e84bc66919907410c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
7bda76a15e3ab403ca8e7bbf212775a5

SHA1
519b471d04d4d508362bd4998f0cf1b2601bcaf0

SHA256
ee1af7d6301489434a80b9ca2969461d882f7b754959187128a0077678b6e52a

SHA512
58bd4ea3329e2c63ab7ce1eea5da33d3f4183f4399f91ae2f05b9c63d401dc1d70d2ba13677b257f26f6b053fe3e30a6b804b27ae5023028f7ed6af15514fc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
481e4dde0f96883c38c26f52d8055ff5

SHA1
544f4dd497243cdc49a695b3e1c24102692c3267

SHA256
8a380da98ad8cd8efe15a6660fb25769b06c878d7fbe75e7c0ec2da6b3715f15

SHA512
26c52031fc5d790c00a31b91e9abd5c67c0d3b8a111e57d757beb995e3ddefca8920f423a29de3c87a3d2141953d80a7899043d9b88b566d407f28fc0aba7359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e7c0.TMP

Filesize
371B

MD5
d74a0ea363cb0b26bc39c9f5f3f3dfd7

SHA1
a093ab695528c5e4a8afeaa106142bc085763977

SHA256
f5fb64153624d6ab62ffd1ea40957144b2c835f086932507058c05b2d4fba19d

SHA512
69d58f432af0829031771b7c2ba9f874b8310b2ab85d1d7bc849e6eb42fb96d3dabd471c697520e8853243c9a4a2dd08ca05fe738f00add77e8b9b718842148b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a943d50e984b277f33948b9977388988

SHA1
d64d71d50cdd4205b2a64b366240c8e6d5a0de45

SHA256
268558255915f64ed911a9a65a3e49a8b0ad0f623ac37c72c3d88fa623b087a7

SHA512
97e9548dc7a43cd33215c8fc17df9c1b264b93f63c17732baf41a7ce4bbceb2c6ebd7947b1ecab2d2158bc17f52feb37a43211d0eff08a51302b28ded0857a7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e7f958c238a8943f775eae69c441f36f

SHA1
75a5b8b86c4bde0340458489b3aaf16c3a48d1f1

SHA256
573c4bb24a9cf5f83b3953bb739dc17d8c0049fa177ba4d563435ed116f64c3b

SHA512
c2143b8b1e71df1033bf41a5a8d951067c839b0b958bbaf562ea856e762524932e01f6a6f5907cc1c07bafa10989022fdfc161cda40c2a3f53c1e1eed4ae43a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a94fc09cd3f7843ec0d2e0affd8aeae2

SHA1
53145ad245a6c6355fb714c190e254dcbaac020a

SHA256
e54173e25a28a9c0b2650d00ae1d76929846be4e475b5f548f046f97de85612e

SHA512
be0fd3d7c43bf40965574af43e39c531fb93882a56d648c6c1fb6b3ae029e3d126646b3b70dece027874496ef36fc538f1a5b0b191b99205b995762617ac7ba8

Download Submit