3cd4f97039c205f47433834d91332c3a587114d4e152a16bf1dfd1771511580a

Analysis

max time kernel
960s
max time network
1034s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

219KB
MD5

76ffcbacb30f81cab787314c1f0c7222
SHA1

b293c53512043c3d6a740f32e1f7cf6611096b5a
SHA256

3cd4f97039c205f47433834d91332c3a587114d4e152a16bf1dfd1771511580a
SHA512

8abbdd3a2625ff8ce0a54f1b618d625fc2ed9e283c810e697e59f1773953b21b5da8b7a4d5c5f9f409dd38043c83a3e176a2375801b2c6eb1e198e093e71722d
SSDEEP

3072:l8ObwQ8Ozop8O5U8Ozok8OCsuwoJloVl0tn:Pwwuwk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4316	msedge.exe
4316	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4656	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 3024	4316	msedge.exe	83
PID 4316 wrote to memory of 3024	4316	msedge.exe	83
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 556	4316	msedge.exe	84
PID 4316 wrote to memory of 4560	4316	msedge.exe	85
PID 4316 wrote to memory of 4560	4316	msedge.exe	85
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86
PID 4316 wrote to memory of 4500	4316	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc284846f8,0x7ffc28484708,0x7ffc28484718
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4086262812754528029,7097805790818796786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
27KB

MD5
5713bf84cedef998b329b0bfc7eb8447

SHA1
0ad6e6cfafcb14d4a1188d9bc4a7a993251394c7

SHA256
1d73a688425a3c452664d5c41f152ef0e941483ea8d172d104adadb1ff7d6056

SHA512
348414e766723fa987074347324517030edeed5980c034232a9ad50dc5666c636ab2317763a166153d5f4f79cc83b40fa85bb5007b5e5fddc3260e8a8f50bcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
29KB

MD5
870f93e2a0cba1ccdedb822096ba0529

SHA1
1dc7366169abfe8200eef86a7dbb066b1c888415

SHA256
42e39acc0bc9209b1e11622629e40b627ebfc667614a02fa4aa6341a587af2a0

SHA512
40b09e76998f7b3b53c31e1b7c5e404138901934e35c794c8a0d6349f29fe83e75a09d4509609851413b0baa85df9b14edb646d9ef06617c4c28b1f3e98206ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
99KB

MD5
cbba0d9bcfb7ad9cebf6dfdfccff5f91

SHA1
0c86b60214d6b6616603a5cda17c43eeda348c7a

SHA256
5d6965c53e37dc500a7e8f968e8748b1890d8c85e5b5c39b1235057b7a6cc7cf

SHA512
eafc07f63b931ae770ec192b1ee9301cecb0583399f8c914687251a5e2184265587573b698174e16f8afc3cc3ca6cb74421c3e7e85b19fc7fd9e72722a4bc4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
0d195dd38e9406c75882ba90cb063949

SHA1
117557761105bcfcc3f49c5d6312ce8bd382d2b4

SHA256
e7f8740f6058aa21acb34e453bae47d0749fcfb578d8f2ca15c48fec85f2191e

SHA512
99aa204b190bcda69cd9a5b812f27b5b3f5ad30583e34baac713fc23f51eca18e8bfba490fa3c40f31911ee4b337d01c0f3e8278479c99fe76020ce630365524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
76d550f09f980024269450d14f99a818

SHA1
520f0870819f4e97a06d0ecc4589202d5fce8c32

SHA256
b6974096d5d110065ff8a1c6bdfc1b3797e5c2de6fe8084c5785713257234c00

SHA512
807efb34d38cf6704266eca2e831631373649be653684f0bf493bfe4023947bbb2fddc948dcce4d818a63f7a805490ef5dc130cfdc4606cdbcd25ec712657fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
303B

MD5
d9824b067bd74d31ea14001e211c2327

SHA1
ddf9383e64f3fac3e25927bff1ce141d17debc9a

SHA256
fc773c703132d068f9cbc15b2c807dd0aa93f2dd1cd0f0534362595a89934c4b

SHA512
bcc91fbc7145ab5b091a72f29ac185b6d5412d6fa2825261beeaa1c9cdd38468374146d1284132916a2d75400b75c8f2b057559da4d80cef79d58ab4b8492616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e2438f72919dd88c_0

Filesize
387KB

MD5
30f2ea7587aaaa78fca2805bd6a2121e

SHA1
25b941b429e46dd68a6b0ca7b167a84206f394ba

SHA256
ead5047888e38859755066d3ef5f15ff77d99b0e06feea09e7d3200a5807042a

SHA512
80735f3ead683d9069c8ba4388f9584d1869745cae866965191e57198be2554a4c49260721a786cfcbeef73ba491427f79d8858a12257e7433fb4472c40e54c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d3bb068f27fa276a3b30ce033cee38ea

SHA1
3b810ceec8bb1ac5140ecfd51cb5925c45d3087b

SHA256
63fb2cfa301fb723033db374cfff410af6065e90ec7e25c7f288fced0b8883e0

SHA512
7fa0d42814f91da943df515ebaafa5cb346c60dce60bc9e7b96b878221b28e27f6b7223662ef3636c0abbefb560ce0adf0f6c659bfe7a4cf7e38cbaaf9f54509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f86d4d7a917a4f91c34c1b2cfea3795

SHA1
ac16a8c67a854ee7a81337398071e68a4e5e7a11

SHA256
b6887d3430e21da7ee9c7631f6477d5f891442591d5fda52425f0e247fbf9edf

SHA512
985e716b3cb176bc5794fe565667f689b905a8cb512bfcbcd0fb7eb57f23dd83408390cfbf3e418913733e9da9c88b4a65b6060cae7a0e50fc1c7416c3d1e31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e40992272d96c7703a71350aee26fce9

SHA1
ed63b496756bc72bffe361b59c035a3bc9d0f53b

SHA256
c947054a66840490afe2a70061bd9326704819e1d85e5eeec5001e23021a982a

SHA512
700b73e87849c9672a0edcb917a19470e14f0b0d46a18fc6765d53ce717afe6cd751f659f93bd66ef6f909dbea2903e67846d96362e8c485b7d915db1af1faba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
af492663e8d9448ec5893d95291e9166

SHA1
33fa60286cb0a798faf3c6a001e9c73a23dea59a

SHA256
cdf8216111b9adc284c63d5af0777225e86e4f70e319445ca0b48833a53b39da

SHA512
7f211530d5b47a760ea51e8ad5c4b25ccdebfa4a4e4a37fc0e7300d811d5f9f5474efbab51da0bc99c0b8a8b5653242f0ccf29c6bc0c9a9cfe81a48ea5eac1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
306f9583315f0a2e08f56b92e6ca9109

SHA1
8a007ef60afb75df054e476e46e30c8b86e15cc4

SHA256
0da8df4d56db7fdf88a39ea16026da0e89f45db51534cd0f4d2f8bfbd678c39d

SHA512
2b571711af6332af2f5ad5e5f469bb659cd659f40017b8c64d798ccdd652a505bd07b40d2fd26243d8eaa0cef05028406afd77737da76f033512606b825570cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1545407e26a4b81d45febbe9272cccac

SHA1
26504a22a515b42af8ada46fc73cbee1ae318522

SHA256
4452c56416e266278f256472de1676225c452bd55ad1af00732ed4234a627f08

SHA512
e2440704182efaf3e4757ede989fc0cf440e6bc33e9cb4174367b87c8619e8432a586357f9e64516340eafa09d68cfb9c5b498f9ba8ee0e2df21206dd8c39ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e379d81b923158e57e71a5058dc2b93

SHA1
f480490b42e5d1a90356b462305dbc2b06b1f86a

SHA256
851c51cc4b64ae9c8801e0269e7d7390a3815cc13c85d57a2548fad4e3f17a84

SHA512
36fee56947f2bde91287e116f7227e8d2dddd023b127b63feaa2063fb46883020acd2f5a6ed82d935b8d54c5411681c9d8abefac9fce136531ab83a009ab246f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f193c0db84eef7d43339b8aa0c184311

SHA1
181b2a864c0d36d74f266eca8fc8e3598e3b4907

SHA256
d253455dd54317ce28c34032bdd62a6049137a06403a5e7293464a81e8f67c3c

SHA512
7bc4c8e988fb491874c85598bbaa8575fc3c5c42a2c355eb2bcd04b0fb7bee50bb43491c31d81786f382b6ee174ad1aa1f17c0841e5c2d8d7ff390126878e7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
594be17525f90be84808038dcdaa3ef5

SHA1
27d5ce645406c6b4450cd70d332b20064cf2dcc9

SHA256
bf3ea963e2c32e6029bda5d5716401c6d764a6af95b71e8461898cdd82481b9e

SHA512
af3fa20961ed41ca583a8b636c91c82d3fd1d028e3737b8b5efa70ce9b7b0e81001e4ae9f5df944e44b9f45d2691f0492f7990e96ff3fc091b2f7f434e5fa841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96bd71241662707223509001f0a13dda

SHA1
caff2f233b62a84f0f19504878b1663281712d93

SHA256
4da919e7ea08bc67a3f84fdff68be03951f5a286288631ddc691e9030bf567da

SHA512
0b42bf4f88cb4d36feb65e07e2c2d74a542af534380189e7d46fd2060c7960d243fb35614659a279542a11aab322944c99c23cf914f8e9e6ab8695cfc1559ac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac3e38f1c8e708f6dc0927094a1f6e8e

SHA1
f239ff159c3e0cdaa31a9aa1b56eddc727e877b6

SHA256
874a6dad3db950ca19715e128f5097f869a86663ba9c0e1e0ab9f7b7481a4ddf

SHA512
1584176a907b4430380eeda02d47e6412afd1cfd20749e0e45f1deed5a8e9d43c159a0f990b8a18a2f5a731d578d2b73fec9a5643c1527567928b21dec7ec51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1441da3c29448bdb8f7cbd3bf09531c1

SHA1
06a25ddb6cabd774e0b05f5ec55077b690e10746

SHA256
97d8b73acf7122fbb12f6106ff09965edc99cc359b6f5b24f0fc27a1fc9b9d06

SHA512
6ba99a15fcd5cbb536a2e69db829cf8542336ad6b74dec4d78932324521e3821ec84d27bc1238d5220fa0d230b24ab569999789702cb8c92075336d7a05fbdf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86ed868fbf8f33e6dc1effb89af5dfd7

SHA1
495cc97c1fe3c867c407aa6e11f2507d02bb2ba5

SHA256
2368961377089b0db0b1677fe25ce1c5312e19e684103c9149037b71e57d29f2

SHA512
b5c064341c90f3b37855ced2cd44c3bacad602a724b93023af1210ff5f171be1c53634e4304ea9d93d1774575c676bb05cad6b3dc2d5f0a4f862bb8541261fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8c1.TMP

Filesize
203B

MD5
1b5aca14c088a79696a2f6784a96ca9f

SHA1
c2068a80b243544ebf5097175eaeabcf9d1c16d9

SHA256
729c8c4aee38236396a1cc26472268b08a1d2c3979d4d0f29444967c50760c2d

SHA512
3612527dc075b1df4c3f195233a7096933d276e005e40d951546470ea6f5c931d739a683f819b6a84c196ad3311c1cc0a07678302d694c1693ab5f322fcb6b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2814eb406541e5570e7e8679888f26d5

SHA1
700cf4bb866d6c5b36a11355691b39ebcc62e78d

SHA256
1e400968077eaf411fd1e9ee650d7416a30ba889fa61e58614e5866c5017c7e4

SHA512
00571ccf57b586d2e656bcd507ba600755bc1098e6d113d19cdc3a57920e4eebc60ee530f8783add1bd77a2f7c1ab6aba29a546a21c7c5d28835499f0878ac42

Download Submit