hxxp://123movies[.]com

Analysis

max time kernel
279s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://123movies.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{A86B4C07-6436-44AC-B6B0-3055A0718C78}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
3476	msedge.exe
3476	msedge.exe
1512	identity_helper.exe
1512	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1520	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1520	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 3252	3476	msedge.exe	89
PID 3476 wrote to memory of 3252	3476	msedge.exe	89
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1752	3476	msedge.exe	90
PID 3476 wrote to memory of 1172	3476	msedge.exe	91
PID 3476 wrote to memory of 1172	3476	msedge.exe	91
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92
PID 3476 wrote to memory of 3728	3476	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://123movies.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff068446f8,0x7fff06844708,0x7fff06844718
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4369299219329778375,13730556465762995065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x314
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
39KB

MD5
db3526f7dc13cdd6788294f03fdd800c

SHA1
36ed131993c6a9a08c4b1afd9ee05cc51e278126

SHA256
768684ff27a3af3b67be7a010e39e9e83eb582d3dd8a33811d2d12cb4df3f436

SHA512
23ea589c245ba5b25c45a1db56846780e3f0021b30f134accb266f8a2ee56d44761aaa5b623ccf89a7c2481d005ba144be8dc884e135b696a5eb42fb2b3cca26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
21KB

MD5
a0e7619864916fc337ec5e833148afd0

SHA1
6f572a722e189959fa80fa9305c0901f9d200bca

SHA256
47c9b6bb661a8d7b9ea4ca9bd6cfbfc764c60f0b25fc2eecac81c46ce3cb72f4

SHA512
0a7f60494146fbb099561e7713fbe47e205ffc146603ad5f233d1c07a680b6c29f25e09458a09dee897650bf88acb85b1a56a036365eedaab7cb56db5e3e2a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
93KB

MD5
1deef8f6863d234112dc0e958f170350

SHA1
b41b1a52ffaf695957bc36de3051cded098c9e6f

SHA256
29d5f924571a64288f91f8bbbbaa680032403aa16915e851303b76db97caa8bb

SHA512
6b6c811a3e5bd4419a076d571f7460812c73bc2cb61851a2b7fc57155ba4d5526a456bd4f3a0ce1593d85cf0a34e85240d00b540c6c2d02dddf46f0b022e4382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
63KB

MD5
cdcb90f8f9560895784a5a6f488cccea

SHA1
a5683bd7789b5c3d03f3bf0b3a7150b58e858d71

SHA256
20e711b2161e3ec111c2c92d099959cbcf9b08e2eb84b215c98c2eb09a3758e2

SHA512
b5a91927203dd2417d76879d4c6a3dd65fceec806fbac8bcaba7eac43fca45bd01556bdff05a502ee5adfe54e3248198e210ae6957443ccafb40f9bd26e4c79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
adf7c5847e1127a794eb891af73eeead

SHA1
f9a02354abebdb3f0c819a6b85eba4d2002b4f97

SHA256
30a161eb05fe5ccc81d21bd158e7cf3378cc5dce2e1ee76f29462472e39297e1

SHA512
e5197fc103feae7c581cfdbcf28e40df35c052d1096597637805386afee6235272ed22c28a59c3f48190a0682591c3e5408ca7e1412ecd1c1e4895ad5e566265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
96KB

MD5
98dfa42fd6c8fb80717c1378ac278650

SHA1
9d203ed5b0503674f35c4aaa7d046144cb0a815c

SHA256
7f3bd4485735c68480113ef89cb9e036a645f2dd70dbec166a0b1d9162fe4ad2

SHA512
8722496c1796130c1ee297de0897eacb1d496835ea051f76fd2aeb48b379db9d6897faaa56c0b3f62f6aac4b4883d63c7e7d8b1c80a5e5bf53a4499f262a801e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
1024KB

MD5
a444964d6755337cdf60740354ddcb10

SHA1
7af3a8c2731cb5e1bb686288ea1c726efb02c8bd

SHA256
842223214e5a9f9b47de065703c626d745601a8f9e2739a28495fe9e7c61e4e2

SHA512
890b4da425cc4b53e7c4a1259fdb598792690c4da01b091de079ec013373198d8132caf84e1ade05eaf6972aaa5943c2bb957c7c72d4eb189d205f5ce66b08d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
1024KB

MD5
2cc7ba43dabaae7567add50781eaaa7c

SHA1
cfa69faae7d27ca0646b169a3a48466a965b39f5

SHA256
6223d2067a7aec7b6b920df704f2f3584cd8ae7a542192cf7acacf9896cbd0a8

SHA512
4e6233a8cc5bae713b4056bc4a42387bd830d9ca9b9cb362f6eacd28974ffb6e147e54a8cef4c7124cbb55218a2534c03db6087c06ef7071b7d787a0783422ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
1024KB

MD5
49829b47da153771d81929adc69b6c4d

SHA1
6939d79a8f1278d15c9255cc72fae84bccad31aa

SHA256
1425ed9a82f307cac154fbbb84779b4dfceeee53974d00423e68a695510fcd97

SHA512
119164391f9528e85f89e64f3a1965f0c6aec251b9a07ed967560c3b30202c603621442fdac2cf7ac107e57b8f67d2a9932e58a4f601d732c75376f04753b20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
1024KB

MD5
115047c30a830f29767677fb11dc9cf4

SHA1
8b289b1795c0a24fe6e86fc5919728ec66d14feb

SHA256
bf8e2590c2f6c8fbdf1c1e19585649869a84f3de2b42f0aa5d4940122a973580

SHA512
fa1bfb83a03768bc9d7b5d764d050ee4999215170a073cd03a23f01b24875b847c34c18824d81919524dc9e52ad6090d3439fd371599ac2e7cd46e18aa294270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
1024KB

MD5
c1352624b030fbeac413de0df22c4f34

SHA1
f20f2c549fa1bbec87ad354a62b71063af116c9a

SHA256
54ceaf1914190cffb6aa5f9eba168305be08d24f87309f2a83e8c8c3aa5ada4b

SHA512
7284fead4b161538ee548d3eae5fc0fb9f7289755f3a8b435957c3d8dbe182cf9faba6103623c5b5720fe03680526073fb0cf48950589592665847f885b70111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
1024KB

MD5
a0793c1bf556e89908b6ddaf25c7c504

SHA1
2f8eff3750ddc721dbe09b9be4417c2bc6ad9f19

SHA256
bb73c1567caf7d6a6aa18e5e4512d196d8bad905b6cf7fe350cb9ef9e675407d

SHA512
3f50131d3573bf399f15a890f016d09faa532a6b25336e1af1247618b7b33f91f22a157f3bfeff3ee7f33f1f3185d48a0a050fe3ddcbd2316ff1f50dd934a49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
448KB

MD5
c273b2cf85d187e089ae2d1df8ab090f

SHA1
4ce6df6925940b33d77161309fdc2c75e15bf0a5

SHA256
cdc8e98d68612ac6414ae480925d208de5ac86f9ef2a98edb25052eb7a479331

SHA512
646d18f7da15d08d125f5d051995185b9a2c5349d70a3a0f0e6fb2ac5b03574a28386bcec64f772766de5a34a1f3460123835984fc6e04b2bfa1d7262cf7830e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
1024KB

MD5
23a0f3ce94d0cd00be41b2f49e674569

SHA1
1134a142a3fbf37a63f3041839c21edf6c20d5c1

SHA256
b71f09f25d58fd38fb8b2df13744c1f394bab7d3bcc372bae51112131c7cf6ab

SHA512
6ca71c39ea113ee9a998abee07f4469935d2c8cfd7d92b82c670e95a5c2c0d61ead11f0dad68c311f11e4e4d49a9052e7addb1e2b8072c643e65ee13810aa0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8ae78a7bfae42e179d0f1bf53935c2e5

SHA1
a4be8083d331e21041b51ff69ccc6ef7b050e4e3

SHA256
c55c268ac948f013b7ea6f6da69125b6a767135fdc71c1554693e8e4821bccf9

SHA512
e52630ba5e0c3c4185332173cc623b787c55896062f16c690e5384632f8b0873d4589ffd0bd1678437be4c6c72cbc52827538d652fc0d5de5facd132df9c3884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ca6ebcac3bf00463523dab3baae89eb

SHA1
dedbf426b17e0b1a67b706caabcc0e2242ce75e4

SHA256
ee6ec740000e9919550c697f06a3a04c75dcdb278d7023418bf5a12a69e8e5ad

SHA512
3936bbce9a97d72c64b9250743afc2450bf015895fbc4a5c96d47a5d88575f6f42312da84caa6cff6627cfbff0034695bbcf8742e7ca44e21420a0e076402b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37cbead323ccf9391aa99e8f42ff5253

SHA1
a1b98644afcf18ed509cf8508071cca91323ff5d

SHA256
538d973fc3dd8dfa497f70601b49f640f9aff613dfda85ae50bf56ee309f01c8

SHA512
17c5074e642dc440e74c7a9c07d869aa8981c2f670ba250a2336f475a33f0a942c07b6850e1863006f4cff6d4359dc188aed850f0cfd2c4dea6de4c6230e7b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f19c4d719bea9dc24fce84b726c1630a

SHA1
06de9b3406f2fbaf1e8008c7b5fb562d9feec6d3

SHA256
d924b25bf5d4fd3c063d22de2eb431cced5342666e46015852558bbe6351130a

SHA512
f6372a7279dbea394810555aa03253c6969536feac93a6b3ba22f1d3614387e954153c5938f3acb4d20a19b546f532123a901f9074f7bb48d018bc532dc66b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb57d80cb9a2dc2dc00ed5e339f2d055

SHA1
a2ca2401852680cefafee668d13e1847fe1efb7f

SHA256
95086a1c407fb695de8c5009864e87087746cd69e3d94827d31cf551e420c4aa

SHA512
fc5d429e75d0973a1f2c7ef3c69581106ea23838b13d51de2911a76f4877bfa06092cb2cf716acaa518eb889ff963df88dfa730bf6a2f8931a793c874686f813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0f24d8d457bac18a50244b5d23c1f84

SHA1
c9b536f3f7a584e867cbd572f95ee5ab65e10aa1

SHA256
f80d9c4286f273f352987825fa40fb5de49712353245ac04d73c88c39ca5d7d2

SHA512
2afa988d51606da451724f25251a1d0ad423b3380bb29ab03df8fb5aeb673068f8489a132670f493c92fade6710baa4ca670f17a1abe113294aae5b981793839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2926af2fa13006f89db6fe8a9ecbff6

SHA1
74d35680eb01f201d8b4fe6fe3aa17b259495b64

SHA256
012586cbee7f419889344b26e85d3f533040ae5e4a5ae66ed7aa79fbbf19e88e

SHA512
16e66a2de83a1761f036edb9c6d47e55af9d91b765d88b08adbee6042b3b2db8e8fd0bd07d603245623a9c5d2ee210fd73b76f0f05b677020843f62e8a2836ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c4408f4fcc5873e2b97f2329a0a7e17

SHA1
cc1a3f7d1b008869e5af4ca53125ef18774743b1

SHA256
d5960ae0be85e6abb82d6d82cbab92be3b11685bbc0b4e41f7e9aa4cef95ec41

SHA512
7c3aee592e9266a86371d349cf11349a266e7b29645dd7f8d29bc7c5083a9938da48bdde9d71efca1186d2752156fc3bc3aebaafbccace5d6042bcd3d8686f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0c13c4541c414d3c58063aaca62c5471

SHA1
4360d679582e29159d36d57bb0e687dd805a018c

SHA256
6827e20b4755e89c3fbc6071507e596894ab33f25e4d97f111c7fcd6b7d4d3bb

SHA512
83c98df34108ed50e485dbf0ba9abc3376594ae65f3a04554ec4904379f487edbf36cdb0e3cac5c0ad47302dd5fbe9eb76ded92c2bd2e62ba935a8e0a0532751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f9722de4d855b731e6baac28d215670

SHA1
4fbf1e79d32ed550bbade2deb7fe47b0734840eb

SHA256
3cf4e57507d30547d2eb422d4bae2c69a70148956e5e340ad12fc09fa4246766

SHA512
24ecd09c93f9c84f6e98d23b83d8ce8361cf2a558ae3c248ed024927c2c240d574c06323b79c20340ad5f0663c32b1fd1fb0f3df172430b056d28e46fdcf04f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bb6f0101de365304947b4cb831703816

SHA1
222bb5c408c330ff9d39fef0f83901c9c737f43e

SHA256
589096f3cef06992d50ee454fd415d107f2a27a65c4b043768c0f0d2bebc0d04

SHA512
c3f7a6fda9b8fac4fabd6fd2933afd6d5d800474cbf71e9bd77d053f0c573ec068ba7234462cc0dbb8dc2187a82965e62ef6ae291a7711a3009df6fa25c38789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98113395494e45f3c936272b62c4cb14

SHA1
ba2f74d3f05d9f69ecadf38f0284ccee45bc195d

SHA256
c6c9c05c672f9794e8d4b1ff1eb63a652ba41e28386167a2b0582fc9a56eb63a

SHA512
20b098c95fbaf06aed39caf39a50a4222e897d89fcca3773cde48411e0fb853b4feef72de2beadddf83b1687d96fc40d77cf7c05db2a5c9380178e92b7a6e00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8e48f1696b5993e139707d0304a8e0a

SHA1
05812b606eeb4937e0b30b0a70b0dc59ee0d5827

SHA256
f554891d893ce1c962ffc405bfcd685fa47bbda38ec34293b8cdb8947e3860a3

SHA512
aae02066ba91ae5be3eccf896d1ccab72860896136f78b4483109934b26e08a44cade84d4d0f87d42a61e696645a0042f609f6f4c3be601683ed7d851441b459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
460760d42329248b7620f5a000bfca19

SHA1
4cde56da7d486b8e4d8ce44ab27129d65c722d4f

SHA256
972886c4777811fe5c24400eb5bfdf5fc863befb7f7031c2b2ef799c6b6bff06

SHA512
0b75f8362ce6b3f6ba436a79e2034323f2dfa7a8302d783f9bc0f9af5dd27f61a41edb6c2b756bf8e144c378c4c12065360ff2a4e92de8523cedfc6de37ad6b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15c1e7b29769472949814322f8a374df

SHA1
785b94a2ebf35ce5ceb00dd279b0a81fddcd143f

SHA256
bd7d5310e313b63f873ba00d090412e184e83b274950de3bd11faa9337879fbd

SHA512
c9fdb0242630b40c4090f96af5cbd93bb436ee67bd0434f4c0c97609323947c4ce07f278f79287d5437b22884f85fd0f97ab882909a31dfb934f5c11517ce3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dec7.TMP

Filesize
203B

MD5
988969f3ba337d06ce09a17b29f9b574

SHA1
df0efbd4d8d73ba69d0321d9ccaaf903b3d41ecc

SHA256
226b2ec20aca8b35f0d25eed67e2e50bd8d368e28e373d02c915714fdb400b8f

SHA512
f2af8f6e76561376fc686edc6c2fc22b25d8a600e7dd159c6617ec55aed647f43041b4aeccfe42433b62c4749019fe6a27511935cd1c02c6daf4be031ac15536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8bc5960ced20f831a3f3506b08faba11

SHA1
a125a69ae57aa509db7753cee7f6a9ce5f881a7f

SHA256
d4f5cf1a448a4f64c91426c863dce83faa04646eb1e4ec4e48c46f0a051392e8

SHA512
ca902cc11f2e506484f1ed1e329d92b3a8da1822e7bd10b09e2fff273c0f7c7327d30ec3f6356b625ba00fae519166df854a950807d6eff77774ebc1bc411815

Download Submit