cf858a1f4790d49ea82b6167d283fafd334d9d54641fe01c9048d201c70d3038

Analysis

max time kernel
283s
max time network
284s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

19KB
MD5

d9a5ade02800d769de2f0fdabc951e26
SHA1

9fb2eeb043520d85ddf5549aae985bd654358c23
SHA256

cf858a1f4790d49ea82b6167d283fafd334d9d54641fe01c9048d201c70d3038
SHA512

02a0a2bf45343df797baa9a4b02281aaecd6cc4815c08f3f17b2a90d42bb67b3a764f27e8f0c53701ef5316b5f7f16c56ced76d83cb68a61fca79d60a5200cb8
SSDEEP

384:r6gwtrDDpmReVoOs4y9N9ylKeGMx+U8HhhbgTvclX771AW7S2LjFrSE3+bVJCBXu:r6vDBVoOs4y9ryI1Mx0Bhbgrc5v1AWri

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{D8D4B77C-E950-4664-9B5F-E7326D52DE62}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
4756	msedge.exe
4756	msedge.exe
4968	identity_helper.exe
4968	identity_helper.exe
996	msedge.exe
996	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4992	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 3428	4756	msedge.exe	85
PID 4756 wrote to memory of 3428	4756	msedge.exe	85
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1868	4756	msedge.exe	86
PID 4756 wrote to memory of 1948	4756	msedge.exe	87
PID 4756 wrote to memory of 1948	4756	msedge.exe	87
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88
PID 4756 wrote to memory of 1964	4756	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa4e346f8,0x7fffa4e34708,0x7fffa4e34718
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2080550185971455313,7723948815002842254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
a8a8903ab4cdba8caa91f8e3f494ff38

SHA1
f71d0f1e9eff127aeffccf7aa7e032360d565045

SHA256
c6dd315382ba4bd95452147f126bc6776372117f0a81274e6f20279a78910e78

SHA512
6f9cc2efb2fc55831d45e3a4bda01bfe7bd02bf6ff3a844b183e8beaccbfba31f314bf50b0c93e927a3824e90c2d90812def25f5b9450eed362d544a69ae73fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
b36bf0bc042f10f9061a6f5e555b2dca

SHA1
76a0b3e1af74adbd78d75d93bc7bf38d4caae779

SHA256
db2243add96c4820c823ce724ea39b818179f8b3bd35d5f30830300640a5df5a

SHA512
742be95e1469fcf9dd4d3c3a68b9be6c90186f05f04bdc61b9bec4bf20469b1cbe2ca7a2909f661f64ee385837ee31789b98cd6a78fd3f3a1d169ab5d20fb1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
51KB

MD5
8547bb9f4522dd1ba71adfa533311af6

SHA1
052d790abfee4e771c79b7c0a5eb75d82dc075ef

SHA256
1812f62e9b3a10a743096634180a56bc37cb548c8701fa64f2c2417124d639d8

SHA512
bf9bfd36694be9451be900d1958910a8b0ee3c2d4228c2d0c6ee6f96b90d34a6f2342165aa7dfcb33af8b124f0c0de58680b36fd4f7c2f62e0eccc27b3aa4552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
882266f32a220c31614b22353eb4340e

SHA1
92419e65c8cc2f9068ced67c4c81a817fe189a56

SHA256
6e27d0bd4c306d5e9d1e0a978eccf852db964d9cbbbd726a4e561bdb76ed983f

SHA512
3e4a673fd36c2793613650c8dd5a57f7466cbb821ff50420f34e0aae9fcd58397a847bbe11ddf05e0a0bdd325416adcd783698a2dfbcc3420b7615b2f8a6ee07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de1a28231e60c2e16a5516bcad5f1360

SHA1
011faeea74751268635fc3c0db2e72ff8966fd83

SHA256
6df5be16b7338172dda65b8c94f8c226b66abe19bdf68081b1d7089d86046dc2

SHA512
81c6d24c3938976433266107e3b0eb6d47fa08ffc2ea92be76735468ce7708f666625bb443c999de55302165dd146731986b88e4b86da9e9d9607e6d96d93a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d5fa4f047214707b412862a1e1f8738a

SHA1
16d273fc750a5aaff78aa19e4249be6c8f3eea19

SHA256
9f1a26d8e9c693c7f71f43e638477fa3408b2aea132d68dc5b3f6fce87db914b

SHA512
009230b475e21293b24f1dad1d2488411c6bc5d7512b33c061d5655a645f4e58469447b1592ed7e4d26ac2e7c7e15268c9023aba59d9f348dba58d14e210abca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d24f37ffddc067b0590f52be04f06068

SHA1
1e9fcf6539e6cea6f5e907d95268d62ec5a81a92

SHA256
297af3db5665f94e59ba1070f777b225ac29957c0c60f9fb1905a9e86722c0e1

SHA512
a5a5a14ac402bab0d3d88bea329fe6959ba3d1ace59fa278ae956e7bc033acff0359eb0530f24f7807570d372481c921398f04f629c72696ca7d90098b1b2c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
748B

MD5
282d2d3e3d669f2faac22759c4e13975

SHA1
e7433adf4db68a72b9909a2996974cec124d5eee

SHA256
44f2c6aa71e7ecbbe2948d152160e470ea7c1b9b1f2794f7fc55fe15f2c71c7c

SHA512
4eab3d9451c4321fa896b2ac4839abdc7b0045804581e4c43bc509628d41c375b032339898ad09d590b15d07ba69484c854fd8c0135bd5179759feba1b2ec94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5c579408fceada1037839e482c6f3f74

SHA1
3c9cfc5260df5318d4fbba542b77c9ffd275f84d

SHA256
24468c7efc650b24c77380b194017c7302f22bc25b557b6d489465be724cfac0

SHA512
ccfd7360c64d5cbb5bb99c259cd18826b0fe5c58de1870dd2afb80d44e206d3e9b774c02804309ea969c3476a739fef238d4e8858e58cfe331f05a3f8e05876f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a7a2208df65eb0c207ae4651d8751ce3

SHA1
0cf1a52b0f3e3af20599c1edd45ca2b2613aee46

SHA256
aba51f5d5236206cbc8ce9a75688e1dd51c9194f6329b2f5776ca8ff20791b32

SHA512
d66c3554792ce5a691ec70121e2c07f4914b9d024df3f39ef1d9542241069d3c1d8ea6f4e41c9c82da320520eeb564a3591a597291b1b5fceeb39a5e2b2040aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f104d9f564546144bb1ddd28b460d441

SHA1
8740d81130b3a8ee7b9e993157d6b64c0fb87428

SHA256
b3367c3833755173180d48919db7fcc2eb31bcd3a99cb66c7b2721edea933e58

SHA512
03151d83dc37332655da49bd01ba0ad4f347387d4aafa88718b0be2cd194dd5b77ef6fac7278ed40004def56f3984d52afe26640dca8aaa9a851f9b1055c4ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e703fa4238f11b0cef7c29d6588d22f2

SHA1
136d69d38b69b78cc0e54302c68ee2aad718447b

SHA256
fbe40b04847e49ab4d64433f662a5e3b2412424745843be1be5dd0e93812e121

SHA512
ba699d5abadbef361d8c66e8c8da695bac6a88840d896eeb22fb3eb18b1c60afaaf2606684179467d2e48e3a762cb2f4c464e70cec9c7b9ee37a233fe4b6b9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b912e6ebc60265e7cf43c391c3efdaa3

SHA1
3b21b1dc44171aacc9b336f6370f7e7f6acac36b

SHA256
188e27b6f84e4c0bca6e92dd672b3ac7697190861fd5236d53b916e8934a29ec

SHA512
22e3f0279381391a66954ce5b09814dfdcfff298d760eff2c993e48899ea3e126aec66df53449124949d2cdc259827493d46effed692d898a105ba259661f23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8e207454e57f57072a03c75da2046d6

SHA1
f5a3dfe1d2bc6dbc3118e8cc42185fadaaaa6f7c

SHA256
9da3cab6b4c764e107718b30373a9b5518ab98998b34ab30df6006cb7500feb2

SHA512
bbce5e8d9e787918926983266e4ce4e2af91280f2ed510c4b875c654a0cdb7c8d9fe032ffb76dfaf9c64b09160759cd22e627bea06fa93024cc9a33f3e77500f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
279f8e9483f735fcc03f19b91f98ebc6

SHA1
698656064b873110bea66492d489a20a80ba75a0

SHA256
e337f6db88211de206bcb899a0607b0c492763e2f5f72e53053f734623a1e602

SHA512
a8ff35a5c68991c75562397fd42d5307544c00ecc5051f9911cf54ee0806a4eef703fe0716a940258d6ec74283dc53238ee83642ebece16ed3e5103d9670e7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a3b97822d587ce2c25ae5adbb84c195

SHA1
92a0d84844bad129f6c2a8c6b09bd7ae625094f9

SHA256
303e55d68f40e917d34c16b9ccbd2297110a631f4319694efe1fac3f018b3ba5

SHA512
eeb340661c2de4dc0b9885a65c9492cd35aaa71d760c3c0e5a0e793ab73c13dd7825c33101b339767a07cf12de674662cce911b8d80b7c942bc9215d8259f46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
7c511a97111aaa90187f384676acb0cd

SHA1
638769e6ebbc64656de61f9b9465ec2106f77df3

SHA256
7a6da1a378732c690f667c1d63e80dd9d7304ef840df7b4a60e7e10ce9badd06

SHA512
688b73e8193a7d3c0aad09e6933ef281911a25e68053f8418d4473dd64e3e5c062a614de4bf116118d57d4896873f6635a7862996816ab37f4b722f5735acafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b02ae86640a3f48005c0639712a2deb1

SHA1
265b92246102fa190efd5996fedfe663088c3363

SHA256
395b80434585114602b6d4a929fa6f8ceeaa45e951e12bc6ac384f15661af903

SHA512
73d4e9a04d17d47940b37161362ea8b68538bedafd577f1cb690244c23e0d48f3fb632d07a6df04a4693ec7b07204a0b0597597d8f89435989baaa6b2dea2a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
357de468319b191a4603307709f6fb4a

SHA1
c220eb7b8ace9a5e31a5bb14097f61efe751fc84

SHA256
859dacf8581ddb60441d35eb8e2813c0c91f793ebeafe9aecb3521b20493656c

SHA512
b4f9b47a22f71a4109766f4f90ed52029197bddccdf6cc84522e7f374cb5960fc6a76c9fc2c1075ad1c1df81c5f4c942cf8b0ba5b5119c73ab7cfe1a0501b6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ace37aa9a0f086173ee0292df34bbe8d

SHA1
64080c4adac73812f482dc4ade4819c2cb58acf1

SHA256
f113c96dd32d99c6c072ec62f7f069780ff44b13aa6d94f4d6d6b5cdce4e4f3a

SHA512
42b2c2bf08d68a75da1b6a0c2f3c949369bdf881616e6a66e2df7e1a08ec2ed974bc4150df36a817217e9bdf23549936551f6509ce78782345574bac91a7bc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584d60.TMP

Filesize
538B

MD5
a10cd29a7137d07aaf4fffdb6f2ed912

SHA1
c992942234ef46f90ab40d2a9ba109b1f91eabd3

SHA256
d151afe359543c59b049135c2a3dc52898859ff7640d98bc0122e7351600cef3

SHA512
e74778d37f369c2bc76c2f181257605ec4af4a8d3ac43c0f7fc3002e25c5debda1f4252af2b445148eb8a6d631700cb2426090b7a69d71166ee882d170ddde03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
943f298c8af4fc2ec2d1d3420ffe84b1

SHA1
6d283adeb80157ad3c6d094883b29252e69251e8

SHA256
a099531119ce3c09912d94e771f92299acf308fbe382e2236eeaca2951f122c5

SHA512
62199fe49c2fddef61a111b284087896f832a7eb3520c431d9deb3bc957906744b70675d184b429b78fafd0cd48acc3c06c3dd04d0fcbcfa81ae270531f5201b

Download Submit