Analysis
  max time kernel: 1690s
  max time network: 1694s
  platform: windows11-21h2_x64
  resource: win11-20240419-en
  resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  submitted: 03-05-2024 15:19
Static task: static1
General
  Target: Screenshot 2024-02-08 10.09.04 AM.png
  Size: 38KB
  MD5: d58994f5ddab27fbcfd3f77c0d60692c
  SHA1: 141935dcbd9b039f48c80f5b3bebea41d415ed05
  SHA256: dd10c947b748ec08abef273be0dc3d5031ef07360627f8440e79e97206f023af
  SHA512: 83a16f77aff12bb989109a6162900c60e5f0b02b9c88fda1b6ead592f4b91d74920b63eac9746892f4637459662a127806d5e0facdb353be72a8413d44de527b
  SSDEEP: 768:xrx2GSlzCOHUtD3ha3OFn4KHGPV6fqEAM16BnobEN5B:p075Uh3MOySLoBnoYN5B
Malware Config
Signatures
-
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
-
Modifies registry class (1 IoCs)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{6A247B10-6D6E-4A32-B386-CF7527FB4BE6} (msedge.exe)
-
Suspicious behavior: EnumeratesProcesses (14 IoCs)
- PID 764 msedge.exe (2 entries)
- PID 4048 msedge.exe (2 entries)
- PID 3896 msedge.exe (2 entries)
- PID 4712 identity_helper.exe (2 entries)
- PID 2368 msedge.exe (2 entries)
- PID 3160 msedge.exe (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
- PID 4048 msedge.exe (all 18 entries)
-
Suspicious use of AdjustPrivilegeToken (2 IoCs)
- Token: 33, PID 2032 AUDIODG.EXE
- Token: SeIncBasePriorityPrivilege, PID 2032 AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 4048 msedge.exe (all 25 entries)
-
Suspicious use of SendNotifyMessage (12 IoCs)
- PID 4048 msedge.exe (all 12 entries)
-
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4048 msedge.exe wrote to memory of PID 4468 (procid_target 85): 2 entries
- PID 4048 msedge.exe wrote to memory of PID 4832 (procid_target 86): repeated entries
- PID 4048 msedge.exe wrote to memory of PID 764 (procid_target 87): 2 entries
- PID 4048 msedge.exe wrote to memory of PID 3164 (procid_target 88): repeated entries
Processes
-
C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-02-08 10.09.04 AM.png"
  Level: 1
  PID: 1776
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Level: 1
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4048
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7d123cb8,0x7ffe7d123cc8,0x7ffe7d123cd8
  Level: 2
  PID: 4468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  Level: 2
  PID: 4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  Level: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  Level: 2
  PID: 3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  Level: 2
  PID: 1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  Level: 2
  PID: 3316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  Level: 2
  PID: 2816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  Level: 2
  PID: 3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
  Level: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  Level: 2
  PID: 3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  Level: 2
  PID: 3932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  Level: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  Level: 2
  PID: 1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  Level: 2
  PID: 4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  Level: 2
  PID: 4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5412 /prefetch:8
  Level: 2
  PID: 3496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5300 /prefetch:8
  Level: 2
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID: 2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  Level: 2
  PID: 3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  Level: 2
  PID: 2488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  Level: 2
  PID: 3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  Level: 2
  PID: 1856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  Level: 2
  PID: 2244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  Level: 2
  PID: 3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  Level: 2
  PID: 3256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  Level: 2
  PID: 460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  Level: 2
  PID: 2116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,13927972921960109366,10686427476657514624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6624 /prefetch:2
  Level: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3160
-
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Level: 1
  PID: 4512
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Level: 1
  PID: 2820
-
C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
  Level: 1
  - Suspicious use of AdjustPrivilegeToken
  PID: 2032
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Level: 1
  PID: 4092
-
C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  Level: 1
  PID: 900
Network
MITRE ATT&CK Enterprise v15
Downloads