hxxps://caringsuppo[.]blogspot[.]com

Resubmissions

22/08/2023, 05:52

230822-gkpw2sbh2v 1

22/08/2023, 05:45

230822-gfsr5sac26 1

Analysis

max time kernel
284s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20230703-ja
resource tags

arch:x64arch:x86image:win10v2004-20230703-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
22/08/2023, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://caringsuppo.blogspot.com

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{C2D72D1F-B7E3-4A15-B7DC-C687953DD297}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
3604	msedge.exe
3604	msedge.exe
4736	identity_helper.exe
4736	identity_helper.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	760	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 4336	3604	msedge.exe	81
PID 3604 wrote to memory of 4336	3604	msedge.exe	81
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 2320	3604	msedge.exe	82
PID 3604 wrote to memory of 4192	3604	msedge.exe	83
PID 3604 wrote to memory of 4192	3604	msedge.exe	83
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85
PID 3604 wrote to memory of 1212	3604	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://caringsuppo.blogspot.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9f6e446f8,0x7ff9f6e44708,0x7ff9f6e44718
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --service-sandbox-type=video_capture --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12978842394590611076,15833339992269822828,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87b51d43-7cdc-45ce-b86b-40a8fd098a73.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7774b484632ffd6afd16c79c166fa10f

SHA1
b2ad2a453c0164159da94df67b38036291ef1de6

SHA256
56329fefd5e96a23ec0bd3bec90080331303abc96264897b2ab810aea31ba913

SHA512
4700f2df03e98b03520291e04f0d3d0dd2d269dbcb3447e3f7fe635e50f05726470653de841ad3e92b2c8994bef6ab946ed2d9e9e929f7bfca119e8ab3a23760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
9ebc1f3e376559d1a8942d45e67f05f7

SHA1
c9865a7e4a3bcb033a57ce535cf4d1e774fd5f29

SHA256
580f68b7c349fb996b2d72183c532d629d33b2e4cae4145c38c655e9b1b3ce91

SHA512
10358502d754f3f424c058aaebc8d30f69b05c538607703fa25a6b27a225c6178d1b4b1dd5409283377f70bfd1b692b5c53d35719fa2fb9531242f7e45d20542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
75b30aee0fab4b3af86375645d7b66ec

SHA1
2b6f1307550634467bee6ee678ea9d2928ca7c3a

SHA256
bb0133034b93bf55b45ba913fce8fcf70e46ec76d9e5a4cee2671560d0d8884a

SHA512
0d67a69359e07a6226aefdb6a3c9422c48b4770475d179054b6562d88ae57646dab690ca4d6c1b3827945827171644985d9371c872b65928abb7cf1d656bd5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7d5c0d663511f1c07ff208d97b52e6de

SHA1
7116f7da0937f87a54326b6b9b41b28d8c244e9f

SHA256
615837ea90d8e36865c5f87baf5c57d07f5aeb10cebc944949d81bde9b0e2669

SHA512
b25951d4e19553fa11c22eee6b9a061aa057e683af8163a40f0cae7ce79eb9cc4323f6d8d7f142d45656a535d808e456678229b489adbb8710322391250a273b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e070d8e37f31fc33e938bad5474bc22d

SHA1
b96858817bd61e80706a1ed5ef0f99de0c33997f

SHA256
c31244abb3c52a48c1aec05f9016d323ec0d2c7d9e0386c43d8921530a3ef22c

SHA512
e30c52d57110d41058f5083d68b96bd7c17223c74668e151ac12d73842fbcae96e5dda0138904f1bdfa0f33bdf92e56de406128fb454da4871c8f8481fabd0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9dfb8f8d536d0cfabd3a98be3628cea0

SHA1
6170bb75291d14a07f807d4dcc2cb1d1768bf220

SHA256
78098f581d23bd5269f88cf24f93abd64527c5de9479dab5fc9851685ccb3e64

SHA512
f7e87abc69a087d35b336f629a002207e0bb51d11ea7c8c63908f04a767d8a3abeddd47b4fd45b9aab4e563025591769b1f621ab97e8ede8c6b513c7c4933883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be95bfc7a6de8d43757ffe79a073dca7

SHA1
99a2f2615af49e22f3d97a69e151b116d733cb90

SHA256
bd068482b5ba9b3686c4137ca9f536785cde0a923424de2495a792c01d516f18

SHA512
331f368ec9e3fad3b4d268c513de6276a139f75b296a94deaae400b63c6fa0a70ad8252ac2c2bf4f8ad1a1274b7f15da529aff0c1e73453e3351d1f17670836e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8782abac6ad22c7e35492b163f9fd2fe

SHA1
453584071019969fbdf421ef9406a6f8837722d7

SHA256
8a6aa6285db31fad49efd60048c5ea3f7fadaa231f1c1306e83b2a8e71b85758

SHA512
301d5d56f63d186d01672fe4832c0aaeb7bbd1e35c37100d5f49cdec01e00d38df52886d7195bc57e200d8aadee6651f922aa615d750685414c22cf2ade98660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9a3eaad0339172fcfe8d5252bb55891

SHA1
2ba397a6408d0e3e472681a7abba621609b350b2

SHA256
e8eab4ddbaf59451cb1e98aff3a0fc118f7515e9ea1050fbaa600032677895a1

SHA512
eaba7f63d48788539a441e6448cc1d991f0308c4387c00f9ee20a59eb704a2fce2c1e14e6f46f6593b6f2540c5621dbfd4047015ee23bd10f1fa251d5a70030f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8bb3ca184f085a1539cf5e580dce3959

SHA1
2144fed4fe90284d656ee29871b062879b778eab

SHA256
41fada919d5af5d16c9c4578adbba4dc07de23e46a5a223b04880638d502cf5b

SHA512
d77d015f34f539246753eaf57f9cf51c45d72bd08fe028fd2dc150b47cdd8419ae4b32bb75a768bc9a924ec2d865d2a034325455179d7883b98392a240597140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fa1bc243314cf246419e4944579c237b

SHA1
1b8121a87cfb5c82ab9f004a644c4ffc73d58a7d

SHA256
8253a03b2e2e29d6cf29599efc19419ddbf7be0fd0c6af8d2e96dbb609f1abd2

SHA512
0e6038b2ee8982702272913fad237df24cf51135a2965f2cc7cc1fed10e4fe3c2d61c8e6dc792c00912f696a7d47d4d48a11cef3aaa20117d3f06a9fa5390128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3bb6b81488d0cb66d459fbef9a051249

SHA1
7d1b2ede0dbefcf3ebf16a25ca2dfd736773080b

SHA256
1e7e74deddde3530fc760722b042e8ec0a57d46fb1647c2fe75fe56086370302

SHA512
4412fbc8c8fb7d902eb86cde8f338111a2dcdb66208b1541ed5c275db9cb3ea5a2bc3b5035f620598a9cdbd8e154649d097a506b36753b898d64df6474525150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14a00e2727193b611e2b0a4a21ef2dff

SHA1
b9a3d3470be438972152a813e688a8376168bef9

SHA256
18520e7685fa427664cfd528c176e8c67809f3da450872dcefc5cce6a92eee8c

SHA512
30cc2b24e959e7bc22aba504d3fff08eb165960d0ed225c3ba4a42ee9ab5912077d9bb0b6aaf9adf83d1cda8e862da58ca1a5399cc3bb06b08139dd9d810229a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0e6038cd811a7b053ffc0e492ee8a1e4

SHA1
1c8a4f6a8c230c35ec4b8ab931c41503cda165c6

SHA256
724f16604f3c2fdaef869dbc0eff5d476be6f91383a0ad08c19c9ad3a5427662

SHA512
05eeaaa968f429176711a7c0336999dec1505abea21b06b0aa10bb074549d3634549835f950ed3dc1ff39e2e3e069b55b786f0945192eb5490da1a1fee0dd718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fe8c8c864613ae294be4cbbd8229c1b

SHA1
a60ba5255abe4c25a3a936e9a4adfead3ecfd906

SHA256
dd0d1c62f6e2847522957408dad1a3089bef8d992d4bf39930a99a93b57e3c4b

SHA512
7682bd2d2d1d0b658d6bdff1d2db09bf4de9ac64749974c297a1636403a8ad5dc95b3eb9f2cf6a997405c3bcd66347863487e532c56603387eece5b8fce2c040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588d85.TMP

Filesize
371B

MD5
b7dcc837c8c38d409a8087c24f6727a0

SHA1
fbed33f28dcbae5e31bf5e7c5ed692d290da2a86

SHA256
c60b64c29bbc2899deb15cc49db4ceae9c2515a51878ff14bc6dfc87d2b1e9af

SHA512
74c8fd7026bf682a4677ab5a785e371140df834230a7a629bd62e91b327111e0852b197680ff9c819574ce8cfd8b373ad60336f513c8988a8007775d30740682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f504a2fb-cc44-4c32-b2af-8620426e51bd.tmp

Filesize
5KB

MD5
3e6510c52a3478b15aab910df68b3805

SHA1
7a28e627e3c1b9327126b9334507772075aa31ba

SHA256
40d8f6b6e22a1138a221f390d01b60fe4f592b9c638eb2a846848856c6b2447d

SHA512
149626effca175a803b43263a406110fdf3c1c5e3ec3637094027039ae6f0e1da9d8b7e687312b0c8cf50b4444f591a44a103e675a977f6a18099b1ec3a76dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b51c81d15983c6018fe78cee4024339b

SHA1
4f1016ce18bfa73111565a57da8608e12d598c33

SHA256
5f851c6e56ac6b6e03b7689248b0bae6bece8ce9c5a2bafbc9aeac41a1775253

SHA512
7f68644255b72a5b39b5ea15ca19b58d98f50b9324c4594d688bf220c0232376cb9ed1c72996a5aab22fd9e49662ca93dbbe1c704bd26f817c7e0a545a497d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af935475f6a5cce6360216a4f631bb8a

SHA1
7e861bda6ddb05d0e5178a00cd2fc43683983fcc

SHA256
d6763392363585c1d9810ec665cd0bba46ac051a6cba27a1a37a56d375e8ce5a

SHA512
c40f03a2ef044098344df171a8dfdce319687d8169ad410bcf41d0aa911a3c52c93a7e7f2a651a666e7fb87d4ac3dd43121cfb5a20d6637284fe23f8d6dff4a4

Download Submit