hxxp://cdn77[.]com

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cdn77.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-557049126-2506969350-2798870634-1000\{CD743110-81D3-4286-B45E-C966E4188139}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1348	msedge.exe
1348	msedge.exe
1400	msedge.exe
1400	msedge.exe
916	identity_helper.exe
916	identity_helper.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5084	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 620	1400	msedge.exe	85
PID 1400 wrote to memory of 620	1400	msedge.exe	85
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 2528	1400	msedge.exe	86
PID 1400 wrote to memory of 1348	1400	msedge.exe	87
PID 1400 wrote to memory of 1348	1400	msedge.exe	87
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88
PID 1400 wrote to memory of 904	1400	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cdn77.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3a8046f8,0x7fff3a804708,0x7fff3a804718
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3542301808305402908,5009088027955486288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
195b53593e1ee4232fdae6deda56089e

SHA1
497c430f921c791aa9c015f36e06c3a377e70d5b

SHA256
1e72332c5b6cb85ec1d5535639591a507d59afcb039bf88d3fadb45f76be0b97

SHA512
d0e3ac364b101fcccb61be5dc8753a8907fd84bddd964f443daedd53817cab9e1fc9179c201b00afb9820d0bca51ecfe7a377c8afb2118467cbb8a2ea68b03af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c277451154e59f5df335b3170d75bce3

SHA1
f811b920a73fd9075bd1e7f0f5095816e36b68fa

SHA256
4466198d3f0cae2c0b039bfe658c1fb3fb336ed6d83308d17b1054a16c4b72bd

SHA512
360250092fbe198dc96f3ee0ae3921d34c56f2ecb1c2107a7f72735152d521606efa2b3a69168e21809d3f780bdb62b025bf5c94c571a0d2b451a39258347b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
38265d676f7acf4582cf7ea437604b6f

SHA1
60a79a318ab66ca19f5dcadbabd4b06d9f28cebd

SHA256
ed8cabfcb1d028efd9e9bfc6ca4fab0a31945e24be13d67df5b5ac37113c2692

SHA512
db5573fa8ba9cc9eeeb85c55018b5b40e604fcf75c4c57d39c77ed396de1a4401f5de5ab85815c96c4a87dcc1627e91cb237db47c95c9b032ba432df82cf6c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9c9944bd0476e7f63b73aabc3d08ebf9

SHA1
f309a138ffb16c870801c74952244f0b3eea87d2

SHA256
893551f5dedd9707ab6d177ffaf2756dd7dc6e2ba3ed375b487cf35623d5f4a3

SHA512
c6cf7b93f4fb680dd7dc7650fc23c47988a4b54b7727388d80b593b001052cae3cb8ce45735c39d5be278487eaa87d3f104221c7e67b0e5facdd9dcbd5fbf168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86bdb2daf54adfbedd8acb07910e4348

SHA1
5bff8767b5eb7936dec3b68f60766a9c06b1e474

SHA256
587cf249a2cec2dfdc6d9146ac23d5d98609508caa7b873813843d22ec48f53f

SHA512
9662e61d00081be5b8dd9acba79c0ee924e66caeae99ed278772655651d47ba860477bb72650a7f70486919b823582dd44c84795d4093ef350ab649669a86925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
12678b52f47740eb021c9c759ad9f920

SHA1
86c87c96a4436d24739af023ffb1672a264ab997

SHA256
072d91391a0e01bcaff41137754d27fcdc98d56a24aeb8b1e529199ebb57dfc7

SHA512
f91aadb3a5d549f814bb725fe8d3a6d5741d59033f795b9c55f70eda8d68845906f48ea0330e405d430d61c916ebf5669330c070f761b2c49a56bc3913d888d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a5ec0cff3e06b1bf8e2b90b47c0f504e

SHA1
a877742370101e6bf05d8a7d56d09cb1ece2723f

SHA256
c60ecd13b1a0a9daea8d177730efc047965acacaa760d436cf75e93f3c9b56a6

SHA512
9226e2abccd905403261cc120896a12685f56e6a20265bb43b1564b4128e4f0d5a42f94c78e1680dd47da69f4480c982a2ba7f41b7935a90add0d5a4945c5401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d9b4c51da72abf9ad757cc09087c091

SHA1
08cb6e7b599c8700560afae598391aed10922f49

SHA256
28cfdcf94fa197efe0600e604b200e50cce3e0126e268dfe0fffae95a39ee8b9

SHA512
a965e3da90f78d7fbed19a6230c0db7f410833128965dc1fb2b6e272e1acd690b8ac9d8704d64609b5fcb93e7d975587ca5e2c7a37013f86b3acd97d9c40f72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94fb72eafc9e6270a5afb72699acbf87

SHA1
c6bf9258c8fcc9a78e928bf13231cd062a57c1a4

SHA256
a5649c559ceada99e8da1b55c9d5fcf983c1cd09d94903ae00210de6f70a0f33

SHA512
6845c7393486447225bd7d3896d4845f0e2ffc093ad161a0a32edd920b0ca4c6c284490c8d6afefbb80721a3dc283ae3985443f933757d04063290cfb85ed4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcfaf9c575efb387c5cc30a4a5854665

SHA1
3d9fbc20967f87f93e4736051a059e90d6ec6642

SHA256
bd41743459e7313cc7497546bbfc68596898c2a262b9b54dc144792f20978df7

SHA512
9e52ef003827c0ef6d5f9c7cf39b1a6e9f249f2d5911f2a74d2bf0bfa529780848872455b102a50365fdf388e439931424f8ec445d117146d83ff8940a8c3edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0a90773a5b2e52f861d916edb49abd1f

SHA1
326bc29ccd87d372a0e1848249471619a837e01b

SHA256
904baf2e0ce06914dcd97993d8948b4fcd6b0c3245af8a3b3626f168c493de88

SHA512
74cd6cbf0703571cd0ae346f9c513932a6116e3bea72210528754187011733b4f00839947cd841aefac611cf5946f6394a274a6c96b02b987257f12d035f627d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
47bb70ba0975724cd103714d9ba9d6af

SHA1
01a7ed39b29f9b494fad03406c2402d815e7f14e

SHA256
4f13cc2332d3f22ebff8b5e2e462a9e8192f2d8f7d5eec90b9a5264ac9f284dd

SHA512
dfe814dd0169c4fb9e23f38923db9808b19b300680e636e38309423cea2670e8ab2ed7ab06c6e04ca8bc44dd78529e7043e22f318728c209fbac79da2330247c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e5032fb02104bc520978b1b355d0b3dc

SHA1
e30f4fd09c704de86202478f2044f1477bca894b

SHA256
15c3b7b1b41cf7fb04b2f2df80881e021020832d34bed9e2acd43f3575d213ae

SHA512
ceb4a61ef19abb568809a8d11add0a3dbc7d876c61863a0ba1873da04f530446065d346e0c8ee6577db4fd20d546b7e4a84ac77bf08276e16e04788fbc30db69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23021d243d58e462fbaba331b191e3ad

SHA1
602e423b150744f1357a8229e67d32e08cdf9767

SHA256
c35dc86b4e89aef6172d7e0a615e73777d33bbd3a4b29e7d35db1dee22648342

SHA512
fdff2f0a8390d3e796d813d7a2e2f8d4564033b321eb842924e047033e0ed66dca863dc6cb3e5ca5a74fbf8df9a3e6d5b64e172d26a1776e3dcad64d4979639e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c421719e6f26069a55cfeb5bd3dac8c4

SHA1
b2c2d3e8aa486e4eb60b98630261765b08fca73f

SHA256
776acb2eeea4fb4a2d6f83bbc2394c334b7d6f955a1c4c0aa519774c7b3cfd91

SHA512
e9d3fb228486196c8ac16d6a264651c8fcd0c079d26ca5bef144ffbed616952e53334299029d52d2565360358b78810b5d13908526e12212455718f34cd34b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdfe.TMP

Filesize
2KB

MD5
410c0b790927e714caa0fa8ee7fb378d

SHA1
df3b07579c28d26b1aec397240e5ef635fddc2c7

SHA256
62694814e6e1ac6da133e12d29c7c06f1da41d2e6220e7e6b97a345a4de6285d

SHA512
65a373e18bcaef1bc70e41fe7033c718e8dcc8cba093ae665ad406d8c10371b651b40dfbbe4b7d149e5cce1fb386c667547484f24242ea14342dc0de1cc545db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e141049b-4439-461c-ac99-0db25c59a168.tmp

Filesize
3KB

MD5
e87dae06b375aff9eac60cc653241aaa

SHA1
f2fd35fa4c470f7f22afd41fff48e275361b1ac9

SHA256
3ffe0bf75eb89f8181700fbb99bc733f08d7a2e8a97c2c9248058431372d7a3c

SHA512
b3be8b4744644f795dbb88522c039e34c62829176d72abe7112c481866afaec1d119ba9df5770d9805173a227bcfa2a3136b7f43cc9c81bc200e31d5cda20092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e79bea60-6959-41d1-b5af-23c0f071c71e.tmp

Filesize
2KB

MD5
945a77085b8017cdcf7da24f525b1142

SHA1
5b5ae07a02b4ffef2cf0e53b43c32a04796fa957

SHA256
47ee087a80238b103aa96998008786095870b9a46624a52bcf9d06da43488fd8

SHA512
02aa1983189b3ae33b66f0d4e3a04bb9635fbbfd811ba527a2a02cc9e45e87d0e1c2a8ad2ab5226461085f365b754c95a7a4af42dea5eca5c3b926ddad08bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
77ad7cd2e0e52d2e0d77f422a026eafa

SHA1
317873de0e3996f96c55c6b1ed5c223d1044e852

SHA256
4d6e3b281973728e5bb55c6d593f1d318fb3eba161dccffe5e911b32b6f645b8

SHA512
245366d3b67da18df81d649aaa233491d7231c7c4b271e90790f6ea107383cb61e8a93524fb14c653932d21643b8eef2027eea0630bb1fb9f037b64694fd8832

Download Submit