9d855494ec0361946171caa50d243c79cefe9172989c9cb9e6e20f43fc2ad5dd

Resubmissions

Analysis

max time kernel
316s
max time network
320s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord RPC.zip
Size

41KB
MD5

1c499580dde0d7cd73313d910e5c93a6
SHA1

a3cfe9c902fefefcaa2e77e74ede7806392468d5
SHA256

9d855494ec0361946171caa50d243c79cefe9172989c9cb9e6e20f43fc2ad5dd
SHA512

d00f16dd0c848d71081668e1553cee8a483594fe6c66c28477d4b37b2eb6e1ed2467a191a26cd2e63964617c422a6e8b640b1e612a22b475072679e39b370dd9
SSDEEP

768:95wXybXqu9Y9yu9oh9W9Q9W9a9U9k9y9G9a9k9g9e9Ob9u9V0ae:95Wy96yMojUSUgOeYEgei8OJMV0j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2828	msedge.exe
2828	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
3200	msedge.exe
3200	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	636	7zG.exe
Token: 35	636	7zG.exe
Token: SeSecurityPrivilege	636	7zG.exe
Token: SeSecurityPrivilege	636	7zG.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
636	7zG.exe
2828	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 856	2828	msedge.exe	101
PID 2828 wrote to memory of 856	2828	msedge.exe	101
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 3612	2828	msedge.exe	102
PID 2828 wrote to memory of 2620	2828	msedge.exe	103
PID 2828 wrote to memory of 2620	2828	msedge.exe	103
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104
PID 2828 wrote to memory of 944	2828	msedge.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Discord RPC.zip"
1⤵
PID:4904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffedb546f8,0x7fffedb54708,0x7fffedb54718
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,7241773576324312011,3810825322516508996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3644

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
1⤵
PID:2992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:2652

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Discord RPC.zip\plugin-import-name-discord_rpc.txt
1⤵
PID:2140

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Discord RPC\" -spe -an -ai#7zMap20768:84:7zEvent31775
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8afc6bea-8523-45e6-9480-9a3f8a6b1f07.tmp

Filesize
6KB

MD5
b15b4a4fe7ebaed916fd56f0731b1eb6

SHA1
40faa5f5d604ee04fff7fc9804eebbed8350f7d9

SHA256
f6ea7b81c727bf872b3d32e7a2b60136ed5d41f4fe33a34559af36b2ceee9e8d

SHA512
2a4f385be9a15b29a109295d3d72c1da2ef70429330ae111e22f7fe626dac39aae149150eed60f16d05de74974ab7c738dca13639680d1aa5fdb366e047288bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
6e849de61303e6a43fc5ff69b6684ac5

SHA1
4ea099b24f4f61c182705fc9d56519985ab26515

SHA256
de6d20d2f4cb03063d491884d3d8ef4ffd2b732cce47abe7b699ce7faea142aa

SHA512
f9755b04b0c5e6f8f6c6fd0dabc17743f384ce950b11efb7fbf73cf9284e324a8fca829e1a3e38cc4918811539462ef018cdb4273dc1f57bc7e8013a00d7834d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ca177d76f28108d050edf37d5ff5013e

SHA1
7fc1a6c7afa4591eb5588341afd1f3ab1eb3e881

SHA256
9c15f9a90bb20c03a2ab948e9251f051948bc1e5d42485624ed68502e5fa7f9c

SHA512
0c128fd4e3c4a922e65f2d77e94884f92ecc87120762ab48578baaf58121d46fd5678ce880dfef1edc66788a36d34b406cca548c4529580dd043904d92b45ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ebc1c806c1b2f0df8490ed3ddd2247d

SHA1
dcf655e552a62efd8d67db906ca8ede168bd7c04

SHA256
c5fbceb97a8b686ea2ea9ff6059dde65553383a46a275debd652d6ccd9546b62

SHA512
05cd4f5fb71b75a56b459f025fb1acc44480697929241f55b45c038275acf7069bb3651248eb84980a7497affdce3c08312899a4bfd79ca65b12132b56588b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef143627193e7326feb54f09e80a3a08

SHA1
1ef9eb2c0ab922c481eece15daf9e8178ad9fea9

SHA256
4df44cae5a0c781af46684bc645f353248ba50555c2c8f26b14fe6317d7f3a8e

SHA512
6c9ef1a18831b8cc17b70f334cc4ea53a9cd304e23ad08b190cf8a93551b681a2207d659e75ac3cdc97f1c44d9dd2b230bb38f2bf8e0d88a18c1a266c8fee36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3818f733525d2f218d811d45306fcbe6

SHA1
f96639005355409f905b6f8fda9f77dcfc075603

SHA256
f8c29719009b046d23cf566e4d10fa8367ee5f59977d4f24ada7cf1917d173c3

SHA512
56451dce2a4ba6c7a82b29227776af73c6cdacb2bf696413c5dcb0ec1599c3572b51cc3b3c12ae37df5fc4d5682be3c7c5ab40c17e6a1907750fa1923ad00401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
057f0c2f67843574f8587526522850ff

SHA1
60dc62e067f91285ed91554e1857b289d0bd1abc

SHA256
4cb725259b301cd4f113e56c59f7821e5bf8340165d0a5f676f9c8e9c077c810

SHA512
1d35708f43bda2dfe13789191504198505ab4af3493feef97d16bd20482b16f89cf619e2d3baf63ccce436271a5a19c4b3d177759d6824a5dbde68b1120d1b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c350fa33cf12217800212830a70adfb

SHA1
169a21d08764b4d898ede7a520362d40df5c8d15

SHA256
2b80e5f209801432c126242ef1c712a95401d2bf2b099ada86bee7d8e941dcd5

SHA512
5d832fb34aab896d961b4ae57d04ff99a489c803001e798d267ff17ce28d4e7d0a86c75de7b9ba1a44703c70009e23b68263e7d7941ef2bd6453183ff9ff506c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
587d730712978f68f2e5b021a9d6cc50

SHA1
1068d5d30b28aeb362254d187a1141c4b4042032

SHA256
8e2b11265f666eabb9a2a2e13df1d8bc70907611129dd210b78c0dcaf085454c

SHA512
c71d06f3649dd51fd5c5c435a622ba4bec27e36a21ea9cfa1e16f06964f3cc4cc8f76c20a41ceb1066b8b75de08c1d16c597ff8cd66139709dad4074d4c87594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a08ebf3a656272cd87066d2e8ab5d83e

SHA1
370fbacc233d5b853205fb1ece063cc3214a2e39

SHA256
599fb33f744d8d1db8cddbb1267f3a46a24eee08643d21b0b6971beb4ce759b1

SHA512
2e65023dccc4e98a27d451ecbed2805c54c7da0c447f3f98c07a93df9416f9041deca247e11da0df8b5da4796066573ef69a501e3e327aa332e526389e2d8190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edb3f11604ea082e4a8edae7e1b91a81

SHA1
a28496d95605e66e218aff5c559731c18063252f

SHA256
051efc9f9b1ca84256f5251bae9fea5cfafab1f80269e09beec842fb6e49d25e

SHA512
a38d41a0ef52bc86745a8edec116c74661cee5277e52a85c75425a2ee4f7a87709860db5e86243a2bb4a6915e9718a2fcd2ec160dd575558e24c9f7939b5cb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd964d9e49253846808b31d8b636c6ce

SHA1
49efcbae8808b99ca7de95f577219e87939c8910

SHA256
bc6ac3477d7e106bd2b3e118f08fa8938c5eacbb76320654712c878ba7fefb55

SHA512
2757438b0d057503d7b0fe0e37c1c280d3fd18b6787aa815a9bdff08076c444f501bc383edd50948b6de0c37cc084525fa7140bf11d5621dd4b88ecec0faf247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bacf1b6a8854471b2907f84df6dc6a11

SHA1
3519177776ae6b5929267c5d975ca988aaba9052

SHA256
fa0356688e2d4c333d1b7449247b0023d31126c8c1cbdca4d8c75fc6e1a9f2fd

SHA512
f501e2b871f4404f7d163529fdc4fd7ceaa9e0b818fba3bc09ea69614b1797a3f003ad1b444463f293f466a613f8ce9260866b382f29fb3c19ca7b1094b0b7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9e87ea2c73742c54a1c601b7c125325

SHA1
0de67e5ca1d1a4614c10a397c22a9d693e9aed36

SHA256
a271eade7d2bb102dd1fabb982f1b3d5c7d75b423a53e213cfadf2bab6fd0e68

SHA512
89821cf84626787bfc61dc990c55259769038fbddd883a94616452a3367d65a70c304c82a614ea300067cbe7b164e2f17cfd112284ee5e0f024dcbfcb0093e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79fc09183877baca0937e6c428480d43

SHA1
edcda5d829cb819c132bba86abb97300142bb428

SHA256
795c78998cbe1bd5b930910454d86f8d3a57a75069671da82cc76bfc3a2d8791

SHA512
3d9289b5f208c372308001d82dc55ae3755a01236e811eac9d667e7cff669f7575760dc198f840fc9f5fa3a38ac208578af94244b062b10988a55cb4fec1a2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e098248d1fd71073bfbaa0bc100157c2

SHA1
eb4de830d20961f0dbeefe72b750cd2e01da09b0

SHA256
830ec4bfb0cd41c5698965b8cb7ce14b10e3857e4698b295b81ac813755cdba7

SHA512
6ff978b6df0cf6e533134ff5228326f158342df0c75250799ec48b365c861e3fdf0a251b2d2d1c18a6f858f4e24ea945d3e606c8d26177dfd1b3f799681caa87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ac476e3f3d3664b7cb80df94375c85fa

SHA1
474c542adbed084ae7a531b6d7833aaea6c8ab96

SHA256
8d295406b5f3a5a2976da9b848b8b3c3defbfabca00aa4cdae4d57a1437c654a

SHA512
f18b44471daf57e69aaccf9936e76b09b56b8fa0fd7bc90d3ce439bd67cf7053805dc799d5e8ed15730ddffa212fe4edf8cbbc016370f551c81bcbdb44edded8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
036129736ccc576e665904b4de8406ba

SHA1
10692206a0e3214dbd3ae4e1ced5fc7ded9f2973

SHA256
a399f1d37f7c24c6a9a2e0920435633642f0e36805a8cadd8cf1920f6c482202

SHA512
65ffeddf2d7c0cdfae0a7a68ef79e7f103b9d05a7f173943080e48584dc5e1852943166271174e3c34168edfe5eb49569698a5e73d2a2b677be7cddaa374c208

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b9f053a8e60d05e4df8055742b664ecf

SHA1
acb10a23594d49307bf00f2da03b6366507354a8

SHA256
f4b89e7e82cf3bebc14add9f2c645bf63e24b164733dcf18daeced2badad9c07

SHA512
6125b8d34ea8b2c5802f470a1fae0cbf239a7a54ed4c05d153189a179f768ce50a301a5b8b151e8ae8d735a2f732a47852053932bd816dd5a8468a4ee49334e6

Download Submit
C:\Users\Admin\Downloads\e0832686-ee4f-452b-8a3a-eb5b913aa211.tmp

Filesize
41KB

MD5
1c499580dde0d7cd73313d910e5c93a6

SHA1
a3cfe9c902fefefcaa2e77e74ede7806392468d5

SHA256
9d855494ec0361946171caa50d243c79cefe9172989c9cb9e6e20f43fc2ad5dd

SHA512
d00f16dd0c848d71081668e1553cee8a483594fe6c66c28477d4b37b2eb6e1ed2467a191a26cd2e63964617c422a6e8b640b1e612a22b475072679e39b370dd9

Download Submit