hxxps://kicklet[.]app/vod-downloader

Analysis

max time kernel
107s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kicklet.app/vod-downloader

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
1044	msedge.exe
1044	msedge.exe
2912	identity_helper.exe
2912	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2568	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2568	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1144	1044	msedge.exe	84
PID 1044 wrote to memory of 1144	1044	msedge.exe	84
PID 4520 wrote to memory of 4016	4520	msedge.exe	87
PID 4520 wrote to memory of 4016	4520	msedge.exe	87
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 1656	1044	msedge.exe	88
PID 1044 wrote to memory of 4612	1044	msedge.exe	89
PID 1044 wrote to memory of 4612	1044	msedge.exe	89
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90
PID 1044 wrote to memory of 3688	1044	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kicklet.app/vod-downloader
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd37d46f8,0x7ffbd37d4708,0x7ffbd37d4718
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6956 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,2771363898454988187,13804755210325760473,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd37d46f8,0x7ffbd37d4708,0x7ffbd37d4718
  2⤵
  PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bed07e51026f7c3a33956ebf4e7500ef

SHA1
8ded00fce327637afd448964d92b161bc676e9c0

SHA256
e7beff4b6502021a13ca5c9827fab7b51aad7e745d417619dfb12032e89ecf98

SHA512
289d54c7a60d0e8b8dedd0858e7005dc92b23c1054680112cb78ff88ff7f9e3905fe301dfa4f5450fdfb2a0c4f24846a6a5028a77cfca18b98e63d5df9a6f5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
abb6198a9ad2fa4db52badc37aa5b782

SHA1
71b3997443709d890e9de85900b3350fdce0240e

SHA256
36641085a680c758c3830930da7e5a288733473ca27f1caf0948c5dcbcd1aac0

SHA512
7b39f066b12ca7388eb8bbb6dff4a837240bfc65ee0bd55ba7abfd9ec6d9e125f689fe858d56efde220757053fb5dd3bcb98d3124947bbde520d259decd05cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6224c683edf9ee160a5428653bea3f4

SHA1
5569795cc63d01ed5545de4cecc9e166d4216733

SHA256
b95ccdd46c22d527d528f492ae4a3ca7cdbf13450cb3bb1a9e8c55aa0c8e3f08

SHA512
f21d1d696a442667a027983c0469df36f9ad989c036f6c3d728141e5e208d036969a7780ea963ae573cfb7f4a29254f4f0df30d21e2b449b4067c899a1b28f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a000a0bb71dcd80092f4466a1b4e8621

SHA1
ec7c7c2c6c63ad9356c0802c2c2a0335a33e669b

SHA256
87f7094360deb1e1419928c021838b6111bcfba82c5c5b680c9050286347a300

SHA512
7cbcd7d5d5083bf1f069d002fd73764c4670d9a5caab02f7e15adea2e6b27d78d10819f68c6bbea9486116e094e1dd1af9b617365790e4565df45355379de95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a33188f2f4447989c5a5ce119c67d880

SHA1
f36721cbeebafef16e352a0d80f18589934b4239

SHA256
694f6ba290d6d59b6649a625c35cdf3795fc44de6a061d4a1fb2e2aa652817de

SHA512
405a6ce285fa855c0355ca190730c75b400920267fa788f9ea1bccc5bdc70c506404fdc0c30254ff6d8726c560d0a7883a47c7680465e3a47f4b4d4af5a92c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d87cb53298d9df3acc2298bbb5b41500

SHA1
1699e2aec92b73832dad76ebc39d2e78e41f329f

SHA256
de2711f12037f7fc0ce976bd1c0d8a3da09deb24bebef9bf840fe3b8c442371e

SHA512
da0697137cf74f33908b6dbaec66cfdb513c3baf59b8ded6050986a1f1f7b220e9de9a6877762a9675d7918d5d7276085b2e540df19e096640ea7b6ce08653e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7af49a1acf5cdc428f3cf99fe83ed7a6

SHA1
215bc865dc3b62dbd6782e491d60552e9356e05e

SHA256
988aa7aed6b52f3def42bf1bee0799b5c3a99900bd3f24c08d3efa24dd454b01

SHA512
9d7d011b86d883af107d5a7080d1aa28735ae5cfeae3d778bed84c621f6fb1909892d605a24176a31a625ce6ea1c065ddb18a91a19538d920274a408411c0689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dda646061fe3acdcc7df0230e29cec5e

SHA1
5a0969bb4b85d2f7d943cdd7a300260be4c4357e

SHA256
d3b563cf26ad0218c5d90562ef96aa9dd42ff68aab415fe80f754d5d8dd64ca1

SHA512
40ed95854d438787f0bfa981a8b103a4127efaea9d979db52c98045867803fd5be0dcf6e39fd9a3f6529abaaac535fe528024adaae1eef6dcc375c32eff85113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2fe3897d538058e90d6c571bd0ec821a

SHA1
1aeba875678162e0e3b598ec1ded7806f5c6b18f

SHA256
546f93830dbe466cc4182762ff613a7cd7227133b066600ab530cda7d37f98f3

SHA512
fcd39543a18e1a675cecf27106e262a3e9eb3233ba5ab7b7b2d5c4012c733e0256c793bc5fe84e81ccd4c8e97260da7b995fd37b1db8e65c16806ac333edfdd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6ca31b1f21dc611ca98c120737b9c590

SHA1
5338c8bed0da625ebd4289eb76ca8dfa7cdc5a54

SHA256
fdc20d87f6ba4a74084cc032969d39aaeabb2a1c8da35c2b97d7e5fad861284e

SHA512
604fb19601bc94fe77966011597bff80266e776190c47293db64cbc793db1f35b740d3f815c1b156200bb72cceaff7c8263b26edafa316bf2bbcbc88b2900feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d06.TMP

Filesize
707B

MD5
4b864810c1d151be13d5922e782c0b5e

SHA1
de3152d374c7e9fe434b135d793875d0c1d6e576

SHA256
86e185b118ef26435c9625e24353e5ad3e1bd1bc29879d0e0d3379b39cdeb88e

SHA512
36643848b55d9dd36d61fb621e496c8575ab0607d86a40a83bd485431802018994ffe32864f0399393e89a064f07b9bda8acb0434ab129948f54c7dd080e5262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1af1490ba560ded7fa694a76282672b8

SHA1
68ab7c28734fb2d749f35de46fcab8eec7e3ae6c

SHA256
aea40658f96e7167788d16d4d8fe80bf1e49c52f9617d95c48425b8271e06872

SHA512
1183b77a5496f2134c7bb7eba9b9e62402c7daa6edce45b225327039d8b8f11a8be4f0f125a4ed4c4078bda65aaa8892fa1e57734a8de34ab0b1861c7868e2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57d29a5d5821994c8cbfc077e0bbdbca

SHA1
bfed98ec03eded3dd23b7489efa92dc62916e5c9

SHA256
d0f39409d42f7f92573ef58ddfb8fd6ca0ebdf005e5518983ed744aa04b67459

SHA512
7896e79d50e953406637c952f3f669f53e699f8c6c6588f89586303b36f43613ed533567fe02dfa3d647b6e6b771d3748a5bcc85128710b13ab1ecb444a27e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd7355c2fb308ae7157241a84261060e

SHA1
1d2b862d16cb8899f2bd6e4a1cec3a1390a4eeac

SHA256
d18de5abdd47164cde284d9322ecf386d1e398ea09892d91df2899508c81d4d7

SHA512
93c06a3c20c4a4f8a149e467b9fa9a911f3f486364eb02e29d600445fc03eeed1fc48640a491bc6ef0322404d8a2bfc3b05d8beb307f3b16f2ab8b109f9c156b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
096b5188e69d54d8a8d96b017e5c960e

SHA1
b4a047b794e0d8079e2a0e594e53d58154864e56

SHA256
365841258c8f1156bbaca76fbaee71d536cf32669c533ae9aa15f2f83f0671bf

SHA512
e1a50e4a9e57bdbe79ade8b2794265405b41b538e18f617d77be219e9b83a596f7fbd6581f4cdb29da059b6e570bf7ab0b6f4aa367cd732bfa3f363747ce5ea1

Download Submit