hxxps://gnula[.]nu/animacion/ver-suzume-2022-online/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gnula.nu/animacion/ver-suzume-2022-online/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
4032	msedge.exe
4032	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3432	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 1500	4032	msedge.exe	83
PID 4032 wrote to memory of 1500	4032	msedge.exe	83
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1612	4032	msedge.exe	85
PID 4032 wrote to memory of 1036	4032	msedge.exe	84
PID 4032 wrote to memory of 1036	4032	msedge.exe	84
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86
PID 4032 wrote to memory of 4516	4032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gnula.nu/animacion/ver-suzume-2022-online/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5c746f8,0x7ffae5c74708,0x7ffae5c74718
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,2520774194164346238,8489602543351959726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8008 /prefetch:8
  2⤵
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
88KB

MD5
55ee3d00a66acaa93f4daff6df685d79

SHA1
47ef959456c7f2b597530ac653f41f57f407eb48

SHA256
2a849467822a1fd7e24cd14cb909dd586b7981f2f6f97d2cfaa002c74a0fa959

SHA512
c3c2e668a41c27c1d82587650b45f5b4612e36ec97e85c65afbc5dfb5d55ef97760b0bb60b6da0020bf5fcb6e19d0918e8793cee0569bd864952a328136ccf5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
48KB

MD5
59618ff98df07e2d30397a1246ddbada

SHA1
801d58595bb07dc866bd3ef19d4201cf9c7a7a24

SHA256
bfc610eb11db785fb58500feb4e66800a574ac8d6e51c0751ad437e660cbf8b5

SHA512
fae736b720848cebbed5942039a6cb97b5054899e601accfc39f48833f3395df5b2def333b1c5ca43e3630eca9b69c35d8f858ac6d386d5fbe0e71286a011c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
94KB

MD5
169ad9c01cb776414413dc5cae3ec424

SHA1
32c4adecd30bdd0abc7d6404c15e5220d2735ae9

SHA256
594c47c91c1a9d4753764ed8eb98b434936e0b551c7bfae68c30e9d0977c1731

SHA512
9098e4fa1473be120dd335799d22142a4343de635ba841586024c2086d245c3de81aeb743faba039101bbf9914b3a6e64455db2e867810619a33bf916658c665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
32KB

MD5
bf7b3ba44fba9f62bb43499f025baee1

SHA1
72123d63f9eec8aba75161fbeb30853c20bac031

SHA256
23cf56976a1bd51f856f6b9ad0e8c72ba557d8496f7067c798374ec2cf169f16

SHA512
1666168d459ae349d4a565151473a4e59680432610a32fa89b059522212251822469c4b22e274e03753c2c24003232d844bcc52803e2637a55afcfa5866042b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a9792c1baab0924a6089dab1c5b73318

SHA1
0da4e5b5de9b0e2d510c26fd473d68ad4238cfa4

SHA256
c305e1eb29c35b299fc28b570644c8a921a4d103806e0bdd2547ca0d5d4b84f2

SHA512
3d2f00411dc5aff7211c6ed6174b29e9ad448398bdd574b26448a161233679deecca2d3258a0d991cbea61a48806419757c4da6ab22433cac2d6a9a86ae6b92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
904386ccf3331dd837f6b8627594fb4f

SHA1
8e23adaa588cb183a89c4f4b895bfd80df3c45b7

SHA256
17e63ec7d6e793abeab3ec1ef1c681ec7b4f2c7e0d7b59682d50bc4fde36d6a3

SHA512
76d91dba6d0da2ce23d9c015f092aa7f14311e8e15984449883c1d7fd10b86eaa98a52f65583c23191e7a411922ab5c71b92ef6a5f912d8477044d5906097dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be0c26da6d6eb06726ff37979be03af2

SHA1
f9064d6502cc6c55822c15fd17212d9ec758b1d1

SHA256
28a751cb68698943ff342fba71eed7e9bedc69bf1927693a89b312bacd8bf0e8

SHA512
a23604c3f05ffd25be924e9d051cfc7731c62aa580f24b6fb0cd4357056ff40f4ae80b592048a81083f64d98d258a33ed2d688e4917ed4ec3756d3a8a0385966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
839ddf712da3231a109b1965ff0a15fe

SHA1
d3164861f2a268840f81f4791979cd8f05fe181c

SHA256
85a18d03bca9367a6ebe32d2f198ed131fa7c340f7dd2b2783361c8f29a2943a

SHA512
c5a2806c80b81629f399540850477624731d51aa43da44483ec330232f7832bc93fefc7e2479a8d9fd9145f69c33eafa7affbf7edafb22790ad2bb9f11a5f820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f93f948bee7db0d43d5734346bbc48b0

SHA1
3146b35f7b6384a2ea577ee6718a8e0ca8296659

SHA256
994e407ed41e47cd201957443e6bf7e103b9b0d79a10f5397cceb3f0c2ce9130

SHA512
93fff86c61ffb29b4265d1c274b44b9a2f1b8202f48197d795506a34eac9f399ca913403c5a4b83222e776d27df530b7bf243980ad4af3633fbee5c349c45f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b9b486f54351189bc15a015cd6a6d856

SHA1
9eca3158b106258526ed0cc9796f86941432f80a

SHA256
deb05e701d23de405aaa0bd66babedb93d6d8e2cbb674c7e0e93e15985826b48

SHA512
2edf7414556da53177cdf1e8d7d1121efed33be0a15c054c1fcf3bc2eebc3aa39efa28fc9640cddbf3495c063f0f30969ce41939ac04861b060dff59aad7d75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
be98b223900cbc763b4ad8815e104a72

SHA1
400c41590f665492d8e3c7587a91c4b98e4203c1

SHA256
df74f6d45a8b929d3dfd5c3e182c57d7f22daff2eaf7d913574d11b5428f1424

SHA512
085325b91bf2752af5509a8a77d07e7fc8e2ff78c5ff14a56de7818626b71a3d40f7024338ff73d584ea353197912a8869ae832ddf49fa33d04ec05d73245434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b63eb11fb0946b74b6367900a2586b36

SHA1
8581a547d0041e4575545ed41f1de3accbb1bced

SHA256
93535e0087d5729b06d9469efb1203eba5c2bb3ef332278e4fbf43291d04460c

SHA512
eeac56a032cc2bd1ad30e6f3c1dac4e791662be21af99aad8bbbf8b33765801ba58b5a2b6f510232671779a7b49590eef542cf08ce230365cd0912ad960d7a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5803d3.TMP

Filesize
2KB

MD5
b8f27e3a2ac9b6b8f10ba66b52abea19

SHA1
4890cb1e147c7e2ce7334a9f737ab6775be344ed

SHA256
1d75fec2f811fd72b2f7fe8f1a82e8fdfc0a72946230ff1a39f1f55688edd5e2

SHA512
34a5b0b7c6c8bdf934f2099e90ea4d313ebb46cffc95e3954624cff2eddbc0e02dcc7edb6c8990b72fc23fd4c0c3c3598c424ec7cfd67000f18b7c7300371f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7c406bf5972f5c1f5e0ee5147ed3f73f

SHA1
a0db7ae1d54945ba6832f9ede6ba4f0eeb6b1d18

SHA256
09b6eb48a583f892eb2c3ba1f3c0bbe0c00e00172f0b6ebf75fef5e2cb1ad54c

SHA512
ea1b7938045ccd6d3033b82bb66b328108ac24329b10d3de05b7e35525032f27848c9f8d9e3f436750c055299a97f9c642fe1e0e0a8336b6d1c3bd91671e6436

Download Submit