Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/m...

windows10-2004-x64

10

Analysis

  • max time kernel
    1047s
  • max time network
    1050s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2024 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTEzNTk5MzAwNDI0MzU1NDUwNQ.GXSbPk.iv-msreCIRzYUJ9RK7Q1fDebzZ8oW_4EBrXn_k

  • server_id

    1135992828158300262

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 54 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718
      2⤵
        PID:3456
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
        2⤵
          PID:1712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:752
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
            2⤵
              PID:1912
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              2⤵
                PID:4956
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
                2⤵
                  PID:4764
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:316
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5304 /prefetch:8
                  2⤵
                    PID:3416
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                    2⤵
                      PID:2416
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
                      2⤵
                        PID:5700
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                        2⤵
                          PID:5708
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
                          2⤵
                            PID:5864
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
                            2⤵
                              PID:5872
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5112
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                              2⤵
                                PID:3244
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                2⤵
                                  PID:1056
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                                  2⤵
                                    PID:4568
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                    2⤵
                                      PID:5860
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 /prefetch:8
                                      2⤵
                                        PID:5780
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5652 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5792
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
                                        2⤵
                                          PID:6032
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
                                          2⤵
                                            PID:6112
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
                                            2⤵
                                              PID:6100
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
                                              2⤵
                                                PID:2368
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
                                                2⤵
                                                  PID:3760
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                                                  2⤵
                                                    PID:944
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
                                                    2⤵
                                                      PID:1408
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                                                      2⤵
                                                        PID:5052
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
                                                        2⤵
                                                          PID:5020
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
                                                          2⤵
                                                            PID:4440
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
                                                            2⤵
                                                              PID:5228
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
                                                              2⤵
                                                                PID:1124
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
                                                                2⤵
                                                                  PID:3120
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
                                                                  2⤵
                                                                    PID:1996
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
                                                                    2⤵
                                                                      PID:4696
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
                                                                      2⤵
                                                                        PID:4788
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
                                                                        2⤵
                                                                          PID:5512
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
                                                                          2⤵
                                                                            PID:3996
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
                                                                            2⤵
                                                                              PID:5528
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
                                                                              2⤵
                                                                                PID:6132
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
                                                                                2⤵
                                                                                  PID:5420
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
                                                                                  2⤵
                                                                                    PID:232
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4632
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                                                                      2⤵
                                                                                        PID:1256
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
                                                                                        2⤵
                                                                                          PID:3116
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7540 /prefetch:8
                                                                                          2⤵
                                                                                            PID:2808
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
                                                                                            2⤵
                                                                                            • Modifies registry class
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:2644
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
                                                                                            2⤵
                                                                                              PID:2932
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5988
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8252 /prefetch:8
                                                                                                2⤵
                                                                                                • Modifies registry class
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:5788
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:4776
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:1472
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:1652
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:2792
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:1312
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:6080
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5164
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5700
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:1824
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:2976
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:6016
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:2452
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:1092
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:4584
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:3740
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:3216
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:4920
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:3200
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11084 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:3172
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11200 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:5528
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:2520
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11196 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:2412
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11648 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:6024
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11884 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:4628
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12156 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:3336
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:2020
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9936 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:3600
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12280 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:5800
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,11642457806671876012,12323423344001278295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12896 /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                        • Modifies registry class
                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                        PID:1632
                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4940
                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                        1⤵
                                                                                                                                                          PID:2860
                                                                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                          1⤵
                                                                                                                                                            PID:5264
                                                                                                                                                          • C:\Users\Admin\Downloads\release\builder.exe
                                                                                                                                                            "C:\Users\Admin\Downloads\release\builder.exe"
                                                                                                                                                            1⤵
                                                                                                                                                              PID:5572
                                                                                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                              C:\Windows\system32\AUDIODG.EXE 0x52c 0x304
                                                                                                                                                              1⤵
                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                              PID:3048

                                                                                                                                                            Network

                                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                                            Replay Monitor

                                                                                                                                                            Loading Replay Monitor...

                                                                                                                                                            Downloads

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                              Filesize

                                                                                                                                                              152B

                                                                                                                                                              MD5

                                                                                                                                                              4b4f91fa1b362ba5341ecb2836438dea

                                                                                                                                                              SHA1

                                                                                                                                                              9561f5aabed742404d455da735259a2c6781fa07

                                                                                                                                                              SHA256

                                                                                                                                                              d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                                                                                                                                              SHA512

                                                                                                                                                              fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                              Filesize

                                                                                                                                                              152B

                                                                                                                                                              MD5

                                                                                                                                                              eaa3db555ab5bc0cb364826204aad3f0

                                                                                                                                                              SHA1

                                                                                                                                                              a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                                                                                                                                              SHA256

                                                                                                                                                              ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                                                                                                                                              SHA512

                                                                                                                                                              e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                              Filesize

                                                                                                                                                              1KB

                                                                                                                                                              MD5

                                                                                                                                                              9181327d8e5c75bf018466eb2a9518ad

                                                                                                                                                              SHA1

                                                                                                                                                              391ba9147209b41fe579b2ba345d9e560c0bcd41

                                                                                                                                                              SHA256

                                                                                                                                                              44875731f09981c4ecc1b114d27195366c8b14f2dd99ade898a30949697ecca5

                                                                                                                                                              SHA512

                                                                                                                                                              f0d8edeb85a7b4e3773696c7f6390eb27c4cd2f39ff06bb4afd942270643db76b8332c3c8a0ac1d25bc26a9d9355713ef20966468c7304c3997147fdb83396a8

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                              Filesize

                                                                                                                                                              566B

                                                                                                                                                              MD5

                                                                                                                                                              809b5306db6f1496b010c781bbd9a9d3

                                                                                                                                                              SHA1

                                                                                                                                                              794da9d6cc2fcc42bbaa558644b3774f711ae823

                                                                                                                                                              SHA256

                                                                                                                                                              4ec3d292997fd4ef1e5bfe6a2b9300730c893a15c3bc7091d13a66d4de3e54d4

                                                                                                                                                              SHA512

                                                                                                                                                              889228992c4b84fd00f2eec2b368ef1e0bfe850d2a988c30d4c0cc7e92d5386f8c963db248ce51720e73882b14baf6ef656b53db6aa3555f8fd0e8dbbdecdd2b

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                              Filesize

                                                                                                                                                              496B

                                                                                                                                                              MD5

                                                                                                                                                              30322550d9f9c54f345ea1c71f3b2e8f

                                                                                                                                                              SHA1

                                                                                                                                                              b5a3cff2995147279c2bbed7c03b2280ecb286e5

                                                                                                                                                              SHA256

                                                                                                                                                              4e7798d8476361378f8fbfb0442db63c7f6bf7e1830d50808bfdb8a58700d8f9

                                                                                                                                                              SHA512

                                                                                                                                                              261d1f5bc9c8a369f815eb846c252f54681f70862153bd49959411450870207b3ee240cc9016533c27401922527d561cc1ea7bb23708e4a257f071d010cf55ef

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              5KB

                                                                                                                                                              MD5

                                                                                                                                                              e579aa0462fac2e60ac946b6be2c800c

                                                                                                                                                              SHA1

                                                                                                                                                              95a7ad131033b0f01720e83142481ae94272d263

                                                                                                                                                              SHA256

                                                                                                                                                              377b23f91957013a1e7146bf4e6b35cb43e4f203e469045ee929d8a43a0e3602

                                                                                                                                                              SHA512

                                                                                                                                                              098769196f53d91e0a5c0be0dafafa627246e3749bce086d5648bc79e2c86361d3fc45ba5d56e564569f2961a05e2becaf95092be024aff1ca11366dc2dd9411

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              6KB

                                                                                                                                                              MD5

                                                                                                                                                              52e43dd9657e17302f2a2a584d4ea57f

                                                                                                                                                              SHA1

                                                                                                                                                              4fbad46493558c3ae5236281e505f15f6a37187a

                                                                                                                                                              SHA256

                                                                                                                                                              20866ca2f3a7c6236bad5fd8add31786e8170527c2d92eacc9cd046c5986d899

                                                                                                                                                              SHA512

                                                                                                                                                              462f309cffcb0cf9d4076d676df920e9a2e684f7d3bbd093526d8e60e4880542a55945f3befcc15269eb831e5e77808a52346f2d57398a4e26ea92e12307fdb4

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              6KB

                                                                                                                                                              MD5

                                                                                                                                                              ca9b3c86bc9ce192009a7967ee83948a

                                                                                                                                                              SHA1

                                                                                                                                                              cd18f1a536d042a099928438e0d5fa54bd563cf8

                                                                                                                                                              SHA256

                                                                                                                                                              d4feb271aedbb738d59f478a9044f018af5bb35a97da23f79e93b69151aa68e8

                                                                                                                                                              SHA512

                                                                                                                                                              d4cc3a78ef0cf15b71dad9806615eadae96b62f51089c271ba07b38a0a927a07649fdcc0cca0f4d91225e3d99a3f7bed1b2dcb75d07771a90be759dad720dc09

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              6KB

                                                                                                                                                              MD5

                                                                                                                                                              95a26ab0a4ffd4d6e102de0ce3c21043

                                                                                                                                                              SHA1

                                                                                                                                                              6e2ad650ed7fbce2d58696e11874c90cb1114a09

                                                                                                                                                              SHA256

                                                                                                                                                              2c07a33eba2dd4b97dd6f0b43e5e12026e30a115d9b2a748485b2c5bfea2e445

                                                                                                                                                              SHA512

                                                                                                                                                              51ec67b6e4111ba334f80e1780ed7ad8669a9a09c64f49693c720d24783d3c998fe5421337aec5f5270ba2108b88d523e8b43533e8cad7db1a6db290af0e5a41

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              6KB

                                                                                                                                                              MD5

                                                                                                                                                              42ddae74e07ffaa6d8e6038a0ef426ee

                                                                                                                                                              SHA1

                                                                                                                                                              e31ea9fafa706f0a7bca0f7d09118d3637442c28

                                                                                                                                                              SHA256

                                                                                                                                                              b05e288030e41ebb5fa1dbe2b15875a7a0486d95c53b8e034be913dea5be2d7e

                                                                                                                                                              SHA512

                                                                                                                                                              80d13c1df75d697069487555675111db61a973e3a13972c612f9212cbe7f789ed4be5bc990c1c8b325db74da2654d7037950b4357882756c0389575d8fce38c7

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                              Filesize

                                                                                                                                                              6KB

                                                                                                                                                              MD5

                                                                                                                                                              f824905f8b19ca3ca3ff22fc30c4f9c3

                                                                                                                                                              SHA1

                                                                                                                                                              883ca26c703adc3839599314e97d0a7a858e556a

                                                                                                                                                              SHA256

                                                                                                                                                              1162d8aadfd4ba361c769afda06f3db07ff78eb9d65a542ba9aedf915aff60f6

                                                                                                                                                              SHA512

                                                                                                                                                              2c4cf6b5ae096a3e9dd5b99ddd74352d1bcd43eca3cd2f2c938512dc7dabdd8186245a5d913b794270ccf166396477a112562826e15fc59d283921d334982071

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                              Filesize

                                                                                                                                                              874B

                                                                                                                                                              MD5

                                                                                                                                                              90795a2b2eb3b204ace780f7baca1706

                                                                                                                                                              SHA1

                                                                                                                                                              39afbcf6f2bf997a1a56fc3cd70c2e1a051a08d0

                                                                                                                                                              SHA256

                                                                                                                                                              067f4882944b661c42e522dea38579a6dc01b6f0514d265d3c5e63fdc7014fd6

                                                                                                                                                              SHA512

                                                                                                                                                              d8e1dbe3a0a5cb720b4c3bebafd21cfddcb8feaa7aaf7d2e0a54230e7759533e64a4b2132f0d67726f492b7ca7231b4723f0eac718733335634ee9b34f7d71b1

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b1e04.TMP
                                                                                                                                                              Filesize

                                                                                                                                                              874B

                                                                                                                                                              MD5

                                                                                                                                                              75adc7a7b93001214d5ac05825706d9a

                                                                                                                                                              SHA1

                                                                                                                                                              202c8aea2ff07419335f4c4dedcf923259723144

                                                                                                                                                              SHA256

                                                                                                                                                              022fb4dd71d188062d5e47745dd1b09cf7b0e37a6a3a8a34fc888b028cb8afc5

                                                                                                                                                              SHA512

                                                                                                                                                              f65ff2fb7b93ab9f12b1b634f537ce352f7309de4d307f38afcd221adda337227f985c9e5604a0c2d40c8fd53d9253922142409cb3182c29badd1a9ea49cd1ca

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                              Filesize

                                                                                                                                                              16B

                                                                                                                                                              MD5

                                                                                                                                                              206702161f94c5cd39fadd03f4014d98

                                                                                                                                                              SHA1

                                                                                                                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                              SHA256

                                                                                                                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                              SHA512

                                                                                                                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                              Filesize

                                                                                                                                                              16B

                                                                                                                                                              MD5

                                                                                                                                                              46295cac801e5d4857d09837238a6394

                                                                                                                                                              SHA1

                                                                                                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                              SHA256

                                                                                                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                              SHA512

                                                                                                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                              Filesize

                                                                                                                                                              11KB

                                                                                                                                                              MD5

                                                                                                                                                              bc73ac7e7e09ec0f48b436d97535ad70

                                                                                                                                                              SHA1

                                                                                                                                                              75c0160712601a9a791330fb6db93c75b691c5e8

                                                                                                                                                              SHA256

                                                                                                                                                              eb8efbbc658042ce7429481e805092c8864dcabcaed61b75cdbc12a3469ecb0a

                                                                                                                                                              SHA512

                                                                                                                                                              85415d3c6caea9bdb815e6dbad088b39bdde951cc7442d66b6fcd6b142fe2a112ec18acefc967392330db1c75fbaee60968a7f119979bd5c43f172fe4cd0e59f

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                              Filesize

                                                                                                                                                              12KB

                                                                                                                                                              MD5

                                                                                                                                                              99206da61b22bb2fc95502e76b63bed6

                                                                                                                                                              SHA1

                                                                                                                                                              c7bbf54da400fbec3b993c1444041878abc3a7f0

                                                                                                                                                              SHA256

                                                                                                                                                              55544d8564ed3f76bb90c7127fa0cda138ed53f0ec4c2d637e2b4c46545ba2fb

                                                                                                                                                              SHA512

                                                                                                                                                              e6822ffe28bb39298dbfb6778a7cdb84b31626a35e1962d67253f4b582bfeb1e4163a2ac70026e9bea50f12282505e9e1473f300706de27faf7f9c8c404a1d2f

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                              Filesize

                                                                                                                                                              11KB

                                                                                                                                                              MD5

                                                                                                                                                              393a34b4ead1f4a85b3a439c6a82e66e

                                                                                                                                                              SHA1

                                                                                                                                                              22c201698e72262e6da1903c51987bffb74d8368

                                                                                                                                                              SHA256

                                                                                                                                                              29ce8f91c33a97d3447e6972cb7fb7d1ac847ebea37a48e10d697eaeabcda715

                                                                                                                                                              SHA512

                                                                                                                                                              24928ca377e30afce9fa7d8be80b483770314ccb7312e919cce3fd91467f2b6d600ef56a57eeab712beac8924459c8eecf24f181699fbff473544bf57c70f1b4

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                                                                                                              Filesize

                                                                                                                                                              2B

                                                                                                                                                              MD5

                                                                                                                                                              f3b25701fe362ec84616a93a45ce9998

                                                                                                                                                              SHA1

                                                                                                                                                              d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                                              SHA256

                                                                                                                                                              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                                              SHA512

                                                                                                                                                              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\Downloads\release.zip
                                                                                                                                                              Filesize

                                                                                                                                                              445KB

                                                                                                                                                              MD5

                                                                                                                                                              06a4fcd5eb3a39d7f50a0709de9900db

                                                                                                                                                              SHA1

                                                                                                                                                              50d089e915f69313a5187569cda4e6dec2d55ca7

                                                                                                                                                              SHA256

                                                                                                                                                              c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

                                                                                                                                                              SHA512

                                                                                                                                                              75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

                                                                                                                                                              Download Submit

                                                                                                                                                            • C:\Users\Admin\Downloads\release\Client-built.exe
                                                                                                                                                              Filesize

                                                                                                                                                              78KB

                                                                                                                                                              MD5

                                                                                                                                                              c9a2afc8a977dc948b123323f262a9e5

                                                                                                                                                              SHA1

                                                                                                                                                              da34e3f6706028664c4e8c63ee51482fd2dbf09a

                                                                                                                                                              SHA256

                                                                                                                                                              3a447b4842d76ffe69461ee4c88e456feb59f9619d6451e1e1df6840610ad3de

                                                                                                                                                              SHA512

                                                                                                                                                              9d7156b576d2650840d512b914553d8c3a7a4237ef06957625bcbe70acb23ab29a93d7079c7851d9caa408086beea6b929de3e6a42f2a020e052896c84821d4f

                                                                                                                                                              Download Submit

                                                                                                                                                            • memory/5572-260-0x0000000006B90000-0x0000000006CB2000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              1.1MB

                                                                                                                                                              Download

                                                                                                                                                            • memory/5572-186-0x00000000058A0000-0x00000000058AA000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              40KB

                                                                                                                                                              Download

                                                                                                                                                            • memory/5572-185-0x0000000005900000-0x0000000005992000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              584KB

                                                                                                                                                              Download

                                                                                                                                                            • memory/5572-184-0x0000000005EB0000-0x0000000006454000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              5.6MB

                                                                                                                                                              Download

                                                                                                                                                            • memory/5572-183-0x0000000000EA0000-0x0000000000EA8000-memory.dmp

                                                                                                                                                              Filesize

                                                                                                                                                              32KB

                                                                                                                                                              Download