hxxp://tr53[.]sov196[.]emailiq[.]net/187579/1325470520/38081874/15/0/l

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tr53.sov196.emailiq.net/187579/1325470520/38081874/15/0/l

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5064	msedge.exe
5064	msedge.exe
3572	msedge.exe
3572	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4024 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4024 AUDIODG.EXE

description	pid	process
Token: 33	4024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4024	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3572 wrote to memory of 1060	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1060	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 1832	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 5064	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 5064	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2052	3572	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tr53.sov196.emailiq.net/187579/1325470520/38081874/15/0/l
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75c46f8,0x7fffa75c4708,0x7fffa75c4718
2⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1328 /prefetch:8
2⤵
PID:5388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9052057563458036078,5619613859021375989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87f11bdb-040b-4bbb-9eef-193960782c62.tmp

Filesize
1KB

MD5
a58432db0476e35c34461f6a203119f3

SHA1
95228f7c2deddbbea020b57b52a3b12e10ff6a3d

SHA256
be8f81f397fd4b1850ce90de604ebb0766f4976eda150f9e62901e3d7d63c25f

SHA512
0a6f2a449d4cc39a52af652d71a48ef63a674a0ce1710109255dd7d7b8aae862e4937bde85b1f07f531160be23f1d65aeaa254d7aa38df0abee18ded8dc0f511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
0d61fa4a987dc4df35b3cc3b66600dd5

SHA1
8b7555c165cff9594cd4f4fc8c3ef62306dd59e6

SHA256
f47ac58c65ada7f78821e87ce585a1c718b91e2bddf8d01103d61b9172375e5c

SHA512
76e26ad2b0a65d57764bbadd093e735d74698e34695207e7c96ad06ca1bad3289680a7466d3588cf26d8f5ee7cf484dbac8b1e52d9ca5b55304d8bf35ef5ad2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
100KB

MD5
c49e6e6395b785a8e915e3e23544e017

SHA1
119d1cef54712afedd907d770ffb87cb97ff3bc4

SHA256
9b84488d3145d3c4d4867f14f338d40279d0e5e503baeacf0bd3bf210c8572ed

SHA512
46adb900311f9c5cb55c85141583a3faca9b63e78263d7d7d3acc57ca3afdaad3f6caa0e98dfee2ee092e86f7c72f628791ebd23239159412d13c6c5c72ace42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
73KB

MD5
5560db913014d18fc36d023b36c19f95

SHA1
9c4cb6fc7bb4fb796c92205afbb7456e86fd7dbe

SHA256
eb08c9d3d1adfd109f4b8de6ba2fe5d5e4c0d4b4a1967dc9efbf8250f997f6be

SHA512
1e96806ad2067d0c8d8be7fe552723cedca599e01d55fb96006639d491ec9f61546678d5271b6b73c67bf3774a9e23807ab6d85bd7ef47a772724e35eb2d1a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
86KB

MD5
bb48bdaf6b765b2afccadadd8f7c8452

SHA1
47dcddf363fba2f215fc251dada06dd80b8f8884

SHA256
7705674911370a0c70fc8f1034fc28723e49912c643bff2c6f60ef210d461499

SHA512
962440c74bec5db8cc0780bc14c4230ad4c61a6e178531577490402eccbdba062580d7b427b323b4f8e6308a83a3d011457deb097c9ae3e4b0c8bcbabf0f8cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
136KB

MD5
e960cf29bc84f69389663222e1377aeb

SHA1
88a63c96981842c605d0b09cc8dd13e45a20d874

SHA256
64688f6baa47036f9e9608bcdca7d9d00074fa63294ae7b61a8173de5652d971

SHA512
c8e25afade97fe96574adfa28aa4be6a1a3a18a9a07159927cf01c9d8741c6d6bfc451de1abe195c12cda57110b4dcc88b12c3fa6c02eb9c860bb580c9e8380a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
190KB

MD5
4efe46d3cd71910bed4ed59b24b7689b

SHA1
3571a387f98ec233b6334118b8914ec0d07fc1a5

SHA256
bff82391405b978434b089f593b07213881ee9e6523ce39490e2c31e9aee033a

SHA512
4e0e1efd291b7eda67d19e14a0dbff53eace20e6db495d91ac89bf8a504e35f21d9ede24cf13a360665df74afcf9c03a20440150fd76762415f235fb7f6aa3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
62KB

MD5
bc8cb81c7ea536b63373f638864c5e84

SHA1
32e259348e696d9d68c23f802cc4d38a505c2d76

SHA256
dcfebce6a4e63514e0d5aeb25c1a2f2b4d9921b0f799e210896246cde23015e6

SHA512
6b7436515620e545184949429d71c29f75255ed082f127bfadc57b55793ea1059518e65cf8fd4ad8143e88e43592d26927a9a6072bc5143a5175194c648e985d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
31KB

MD5
a8ca491377c975b5759b6560e3e77610

SHA1
01113c62963a36aeb721412b8cb2bd9e95d7e676

SHA256
af372c80315337f1044a0a6d093ef0f811dfa2a0a21037621f0fbf509ba4f033

SHA512
e3f711361168840a689ee2327147ff4007d8c8ab740b14dd7448f7796146042e4c21cdc77643cd651720c9076c2f05c0de932179e3c8405595662025f53369d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
70KB

MD5
4485f74527cceecaedc79bbb0e910503

SHA1
51fb2b48b7fed4bc45f959573c3beef9100cff64

SHA256
b1082d3369f46ab73b5c2b8ce99ea63925d6f88d88a133efc346bd6781ae93de

SHA512
e2fe6dcee1794b886305abd9d2511d05ee9f5054ac73e8871dce21624b34fadd8857c49292522cee224010e752f69d2ece7a91be904249dfde08ff244bc3d637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
28KB

MD5
9816bfe04abdb3f57260239f230b7a99

SHA1
b392d5e26871841d215c01e1cb01250988f4cf8b

SHA256
a8d286187da928cd55195f6a15d4c89e770108304503f19508835b1ebec32e26

SHA512
c6744e828ad90cdb97f16cdb24d02062ba0ed39d9f87908331b1bdbb288a2d8554fe37445dbca56b0c853b56c0b2a843bbebd8ee8062324b04055e0cd20a1b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
40KB

MD5
fdd0a7a58b37d9f155cc7fa6b00200e0

SHA1
1b3253a11da97aea90eed315a7169d23e8b373d8

SHA256
e8823739e5e8b0492c9e444cbe0ed35489984efca1143a9f9ab23552a2dd45ca

SHA512
8cc794b459865fcb651743499580bce8a546402f340f42f52b651df100e5519e66035378fb534c03fa314165627dbb1a43a8b92132e33282b2c570c4b66bbf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bfea9022dc1fa7760965a5755033edf5

SHA1
4dcab76f7f8ebba05a91be82d15f2a5963e2095f

SHA256
8907b8ba049a9894d074859037d8221c4635b92c4bbe5f9604ca806a1810b36f

SHA512
dffb96dd5f165e967accb989de83d5650142db15f818425e235deecc123a929b51edf62a40b506655f76125a89e026e9e74c3ed91f3a3ec5519f59414e036f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c75b69328cd0411e63b41ef70c331662

SHA1
42b1003a8e72e23983bae3b5ef4c264d42032a09

SHA256
5849d78a407f600c52905ebe702a98bf6253001e8b379aad3e38bad780b1ab93

SHA512
356981176e2c7fcba49b99b8b345ba290f336b9c7a64fc5a35a410cea69ccfdbae810390cca6ff31ae5508ce8d4cec30bf5c94629f48dee05dbc319643743103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
088c697fc0e8a55c0b6efdf2d6b73235

SHA1
d4694de7d2cf408d4b4f23ef157cfe80a7011584

SHA256
93ff62a3b20a808ed6d030af6f8243e7e4bfa101f0e86f77c9e40d5bcdc8f9fd

SHA512
eca1c303d150843cd91ce4aa6198a7817691c7ecf5515061944ff4415f6105feb64ec6368efc049ea705a5374f3dbe7b0b22c7f1f4cbd4978020c3870e89935f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5752b870602e0904d449a39949c68d98

SHA1
21e485f7f80d518e40de9212c7fec1de60a49495

SHA256
7b83e7f3bc18ee7d9869ccec767f211749112dac4b1c138349d6fea030fdc171

SHA512
87614ab86e86fb5b07c64ef60f0d64e48717ffb5fa3f6257f29882482a0a06aae9405dc978a580f145b5741217ee151d6abdba5bc53a647d5caef0f9b02bcafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dfb1f38a94f64b86d1b5046c2232e83

SHA1
72a4e876f6b4c5555c5466c0ff61fab6d4a0dffd

SHA256
4e1ca17775c08376736f93426626804a06414bc9a9755b370f146d1d019c5a09

SHA512
e184fd538247e8122403bbf42ff0e654c48bd0486ca494a93a3f24192b9fa5a1a0ba176c8fab65e6a31f7daed57261c22e8e33339ff022838631acd0070be921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a309cc3e1d8ab8fddb10c8c97ba5da18

SHA1
77b2905632fc5d06edd89eb7f899374f2f7d0469

SHA256
5aa170cdad9369a17735e2bc004fbd7ee2358c460421e5feec08f99700bc9f98

SHA512
779903d01cdb04db070156b14054d0207d1e73958b0cd817cacc2b6f31d24618881bbd8aeaf835e837f62bd9244929250c29e8c31c10b11481183bafca0fc7d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82a62a0c8d0d5871af8f2916dc0d2183

SHA1
4464c71ff823b6c1fbaed14b0980dfa5358af20f

SHA256
cc439c36163f8ec5cc41c4707d61cee035ccece14cfd68349132d2c9caa82ea9

SHA512
1d021e461d8f8a41947d8fec17be11d53fb43381f54b7b17bc24542e40dfdb193ebf97fdf4f5b13c925333294a2be79f2d98a4dafff8ac0ab19abae3ae747dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f12aa4305b727c1ad9ddb186d1cf625d

SHA1
dcdc2466eab2f4268cd663803593ba48ae743bec

SHA256
b55ea54127b3a3ed4789cb67a8b4e07dbe01a3c4d1bac4a7e816defbfc7b2510

SHA512
8fbe6f2d43ddf2f13cff427f35e216e0ff82b7683ac3dac5018eea2a30d512b351873831f2ede2c12d5e4f680de36583ee637210d8afb9081c5df60bdd6426d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5c4cbf9d6d10586823e487c25447905

SHA1
49f1d18a2eb9f26bc54c066fce22377b752074b6

SHA256
820dc034ee782bd0462def34d40ce1872cc4bb71a8c154b2f9c3b6097687aa6e

SHA512
b63777cfc3e9bf2ad7a3398d058231ce4b6e34ddc032276abfcd832f85f9d3d9bc31d14c3219ae67bfe8f173e2261a454af959137e8b14cd19c79c01ec62de1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
211a582be6bbd46fadff1f30e64ca828

SHA1
5559b79825df639f2cef6474cd2521daacb513cd

SHA256
0ebc5908c4d9f44bdb35a3eba3db30b9c893585930a12e9b2da560a1e68124d2

SHA512
6b0c80d92f178fcab219cd095e57f79df38a6d3550815440888ac06662b8d6271244c8ccaeb50bdfa0a7e71bf1925dc175db1c7a049b6355ebd7767467633698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2368434f33e0dfc23adef5d1b05a4a24

SHA1
7402fee137c5760203198aad9ce625c2e5ec7bca

SHA256
b7f44c9493059aa6dc3dc24603de5a1b42838cb74ddf2b8f9838d363b1877e05

SHA512
1dacdefd3f00c128cbd7860c2c02208e5a0f8c5dd362d7c535d9946ab44d8f38b715c7a54b596b5da8153e7f5d50f56e5ccaccd4021e60b2c7638c2c70e4e1b3

Download Submit
\??\pipe\LOCAL\crashpad_3572_FTWXLXQKWXBOEVJE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit