Analysis
max time kernel: 212s
max time network: 222s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 19:49
Static task: static1
Behavioral task: behavioral1
Sample: GENP4.2.exe
Resource: win7-20240221-en
General
Target: GENP4.2.exe
Size: 104.5MB
MD5: 52d11dbac46ec385e0a0860cc4f4d5ea
SHA1: 1f7ef23ae7036105f4408de7ad3d7ff32ca5d824
SHA256: 4e756fe5adb15ac6a8fff1a1c468e1335cdafd085fc749c177b3ad792a289cf5
SHA512: 2f2b218fccef32e743ed2fb9a1d40b99a8c75b5de3dcc315bd63cd4c5d825402aa41f1806d372ebd6d94668958b7f8d7b39bfbe600f8fe4b13a7efceb8f4d4e9
SSDEEP: 393216:v3zalStgJgk4BmIlKNTFhVDnE8xqq1qgi7AESG7AZ9bmqvg67Mbv6H:v3zalStzk4gIiTF3E8xqTSxZCLbvs
Malware Config
Extracted: lumma
- https://legatorypluralishrtw.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
description | pid | process | target process
PID 3036 set thread context of 3448 | 3036 | GENP4.2.exe | BitLockerToGo.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (1 IoC)
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{D1F218F1-FB84-45A3-9F54-24BD56CFC93C} | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes:
pid | process | occurrences
3596 | msedge.exe | 2
3992 | msedge.exe | 2
4536 | msedge.exe | 2
548 | identity_helper.exe | 2
2100 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
Processes:
pid | process | occurrences
3992 | msedge.exe | 15

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 3036 | GENP4.2.exe
Token: 33 | 4496 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 4496 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
pid | process | occurrences
3992 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
pid | process | occurrences
3992 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description | pid | process | target process | occurrences
PID 3036 wrote to memory of 3448 | 3036 | GENP4.2.exe | BitLockerToGo.exe | 5
PID 3992 wrote to memory of 480 | 3992 | msedge.exe | msedge.exe | 2
PID 3992 wrote to memory of 2768 | 3992 | msedge.exe | msedge.exe | 40
PID 3992 wrote to memory of 3596 | 3992 | msedge.exe | msedge.exe | 2
PID 3992 wrote to memory of 2788 | 3992 | msedge.exe | msedge.exe | 15
Processes

- C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe (PID 3036)
  Command line: "C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"
  Signatures: Suspicious use of SetThreadContext; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (PID 3448)
    Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

- C:\Windows\System32\rundll32.exe (PID 4044)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3992)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8701a46f8,0x7ff8701a4708,0x7ff8701a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3336)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5768 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6312 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7730685629194239809,12461607463031975564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 2920)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3112)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\system32\AUDIODG.EXE (PID 4496)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2c8 0x2f8
  Signatures: Suspicious use of AdjustPrivilegeToken

- C:\Windows\System32\CompPkgSrv.exe (PID 3712)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads