hxxp://twitch[.]tubson

Analysis

max time kernel
233s
max time network
233s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
19/05/2024, 19:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://twitch.tubson

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{C63B6346-5C41-4144-89EE-1D5FFC43AAE4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
1076	msedge.exe
1076	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
1120	msedge.exe
1120	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2456	1076	msedge.exe	79
PID 1076 wrote to memory of 2456	1076	msedge.exe	79
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 2428	1076	msedge.exe	81
PID 1076 wrote to memory of 3700	1076	msedge.exe	82
PID 1076 wrote to memory of 3700	1076	msedge.exe	82
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83
PID 1076 wrote to memory of 1636	1076	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://twitch.tubson
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffb336a3cb8,0x7ffb336a3cc8,0x7ffb336a3cd8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,7558756374022379454,13829323118155461858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8
1⤵
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
39KB

MD5
395699fc7fc3283d3bade75dbffa446e

SHA1
c9474c5a587fbd3a25c0992f1dfe7946e3b7abba

SHA256
a184c8951b524d5a22d7bca69a0d775523e8c095d158f80ac4415d87d17acd1c

SHA512
70749ca5fc0cc5b9b85d13ecde89ffffbc1af7b36a650be842ff303b0ed0ef49e8d9f3edb91324d42462446b882b2558abff235f42e300226e491432196ba8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
153d9573f0f824b040ac13793d95e406

SHA1
f8a73c205962012c4fa5b93ccbc77d7b1be3b5d8

SHA256
c70c12b65715e837682baf0eea8ff99a7531d9036b0b5a9d640def85df92d016

SHA512
5e0f64f8d333be4fff5b869952fe18f3189d6af97bfce10aad8acae96153b790108351083f1b80c40d76cebdca35e5d7e0f3371c588a02c74e6ea0055a3d2b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cae541609720764ba44ffc0f706539bd

SHA1
1fc7babc22e47d88384f3b133a78c9c20347267f

SHA256
d94280079bce8ff794e28045a6f4783c097fde95f04c23f7cd6a10ccae228a5e

SHA512
7d7a438c1684e0cca8d47fdc5b7735400e5f6b548c1709857d72ac37ac09352e6916bf86e83e97564ac165f92e43096c72551d36cd6393fbb64060e462f64a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5bb7fcfa1a7c56d4847b849653ae3d42

SHA1
b487bbed30340c8f1a6c783e9c6f4c34667aea85

SHA256
47650295da7bb2683c522a516f59f3cd8ceecfb98736acb33cb199560b1c200b

SHA512
69aa7605b73b3465987e767eddfb3b40fd9e76a33ed648724864c946be01c59decf2f4a128d3e2e0267fda0119d07cf1a1b643ec897f44baa357c9337c80854b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
833a10db8337a1bc93a4f581b4067b7f

SHA1
2528d5c5ebc77a64d6b8bed3683bf2ea938a22ef

SHA256
3048522c6efccb019df245eae7e11ba900eb9ea502221e66dd8c218069f99acf

SHA512
aaf3cce6555a145f4e76a49ec01d51ce2385337e14696eb931985679794f10f3868a1f5622498cbb2e334ad957ab6eb068e5862f46c988cfa057d3cfc8ad785c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
c7b44205572a616b0bf5c6c3e0d68b41

SHA1
630b0cb52670111254e4cd3a177e6d5300c565a6

SHA256
5d3ddff7c44f72dacbe7af6c46d16723fb7edc25af28f0fb4d494fe8ec23732d

SHA512
c7fa7b89ef86948305462fdba0116fcc77ab27ffed1b22c2e4ae85302ad8910fff8c5fca94c3f34d52942ccf6c2656981c55bb1ff2e5a887f96065419e75a5f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
555B

MD5
60a2b14501d302043d0056f0ac4b531e

SHA1
42001bda8c4c04d09c18ff778dc651b9d33fd47b

SHA256
924875700714302a52660a870b2eb2ef39724d30fdc4369b0b18afdac98f670e

SHA512
6ecb20b69c8cefc79f8a978a462b252d8e4f106a801bbec47b66352731a4f3ea3127b58171b39ec5ab7ded8f12a515b3fc8c2520b2c5def576937b50540fac44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b1afcc87f988099417d6ebf00f229722

SHA1
5f549be3f87a70afdcfcced653bad6f0585b383d

SHA256
0d633934d449e2adabce92eab413f9cb4f10b005b88d998f19c16b86b7667762

SHA512
af5e4e5321ffd8ec2ce3e65d84aee72042c89ef12f1ba1ee95b97c4c27c73f01f9f443ccaea71589fdd0dd9cd4d5c421ff644c0c96eb6d179e76eb29c7175d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a6dfe9d1eb03140287359b7e3677a8b

SHA1
3a35d8784a36f993807a14ebb6269a6b31b39e3e

SHA256
7bed2163a8bcfa5673b091790e8c0bd6df22c7d0061c50254049937f630c6d94

SHA512
e234b0616f16ab64d0809991aeead34432fc6fc96b21f997cbddac0dea7aeb3cf3bf33c455250036793fb74262c54b182f935b2c093819acdda321441e27bafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f78b81eacf3476d25d36e94b57be3f30

SHA1
a71b64c17b5426f2ff9409af15cfc7a83ada888d

SHA256
985452bbcd55f68a58923df40226c25dcd94925b9e5d303c1c69fda2bdac7058

SHA512
39d3c38bcc1d7f8473620ac52ffad21437713ce56d1d9b2e7ef77428ccdd7a01c10666f4afefb1e0a626b86e9c8b2e381105b915035e8257242e325990f75b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
454e8e126e832a7a2bb3b3861de025f7

SHA1
c225cc269d597208d299daaff26f62f0b645105d

SHA256
bc0aa7c4dec62ff4a82ae2bdcbb39090504c58ecb29564fad10da63a364eda7a

SHA512
9cd284bf1b9a55f9807f341c619c1d58b335d5f3f7862b5c28e71cbae23f607c6c47384688f791953124f170c930793807c99b83660f3f94b282c97712583b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5c23081303616d3bcc96107967869f3

SHA1
2718cf9283965940db537eff1293bb08555fcf37

SHA256
078b68a3ed4e1ea61903750e28ee526a4011bf5b98e6458230aa25cec75ac926

SHA512
b0a2dfefd800624e2e39196c9ee79c733602ff636412aa51322bcd548cab1dd5a47ca01cbb71e8c5c91cadefee2c5a54828cd12959ce3c528cafbdfa18084a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d3a067c407e139393c7fbefc5b36f36

SHA1
9f30973c6067d18129b7c92288b87abc545b5d1b

SHA256
83c3a0aa88e4947f27673fffec25bb7fee54c7ab568b19cafbd463119334432e

SHA512
936a943e2d6ce7ff54a802066631698e82291f63caa8345181226d01fa2e7877a1f34e7676390af24156bee49a26a0218cc10fee47858cd7c942f7818f0de00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ab12251ca16f69ea0fb1d7a70b16b414

SHA1
d946b54c26d4ae42cba668d1d761775f3e91f62a

SHA256
af72b323f22cd89fd89f91d624d0032961b3456025002bf6109446690e903144

SHA512
414788d6647e77a7b2979d81e89008942ea5a2941f2aa97cfb47a544575e35e136c91edab0877e6c785891cd94e0cc8ba17b4aed847ece10085db2b614a0e181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c4f1.TMP

Filesize
48B

MD5
97daf983f718cf55a5d75844ccf8fbef

SHA1
6d61e525f00d43dbe9ee3386c591511540d17691

SHA256
c1703a506bce28ed8eec8192da6c819dc26464ef1273667c44c3cb24f7504a5a

SHA512
20f02e20af76c6ab5e476f4651517f667e3f2f1d56989291753c6cee54e5e9389b9d097b7dc22c749c79d591f0a324377d2e7b5751de6f7ece12ccaeb3825bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b379c907768f148ad3d191052c9549b5

SHA1
00cb0140221742e85264853294b908e5c6f8180b

SHA256
5170aa2d2c73b119c22b8dfe8517a6a91e29ba96bfbe31c463e637ccdeaf209b

SHA512
452a8ef9ad33eb3678dbfc16103fff16210f2cf1f64203b4a912eb03506b947ad8cefc530d2c09d5388ab8602990bd2d1eaae179890b70d3cc183c03249a02f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5a3a75fb4d06b272c853199389d5097

SHA1
0d1038f49a2227dce02a0765bbd85eb46ad6d726

SHA256
c9efcfee7f590c44e9c1f73df2bda80a08643caa8e925ab94864eaa806155f32

SHA512
2bd3e1518ddf870d8d793b96e450e3356b755aebb82e74b5844ed4c68cf54c8334bf23f182ae09ab1c4e02e1b40ba52c6a16ad49355dc057cc356c99bf8818cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5824d9.TMP

Filesize
538B

MD5
ee5238b1e253e8c8a1070f0f74e7f676

SHA1
5b30dec1b765f6d5d88f77b4216c9e299394d45a

SHA256
a8361a23676fe355d680e48cb5d31890c0c7d67113e9a852d46907e3780a8ce0

SHA512
8f2473b7ebe3c7a6bd71c5b28b60984b3a6f6289843b90a77689f3d3ec888aeef9c9a5d5f3a0be4ba07aba6d9593b3a51584040d001a2d87fa030a9dbc71f614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9df2f47-ccf6-480f-9994-bc3adb9e7dfc.tmp

Filesize
6KB

MD5
d19af6f6a3506c01b1e126a249447afa

SHA1
70c9f3114f25c567c449f0c1f9842978c979ef53

SHA256
6ceb963a4269961a457347e34dfa4cb7473761899c8165edf98547cf56b93110

SHA512
91b8cc0a2cbc43524e1993cb0adb9b48982356b8059807fc6e418861fffc0f0ba6b544a60f497ced6e69aa0829768e066fd282d76fc2d4e44476146eba7b7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d2bcda340cbaa4f50bdefe7993c5673

SHA1
a70e25b51d77b6b8914f95ee44e29953fe916478

SHA256
8e5e3ec23ed6d95a725fc035ee8aa6a2ee63b653fa5ec197eb38ef1cc8b4a039

SHA512
bc836b74e7a9d1f0bf4d761cfebdd8b67f8c9ed5a1b9a153d0ef862a1dfc8faf3302b56d80ff2829d75359dc077b3c1aa0972ec4e945693d11cbad4511d0c7fa

Download Submit