Analysis
max time kernel: 90s
max time network: 94s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 13/06/2024, 03:42
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://archivohot.com/o/res/100.html
Resource: win11-20240611-en
General
Target: https://archivohot.com/o/res/100.html
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class (8 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1560405787-796225086-678739705-1000\{D9021517-31D9-4A5A-9593-2CF71D2CF389} | msedge.exe
Suspicious behavior: EnumeratesProcesses (11 IoCs)
pid | Process
3016 | msedge.exe
3016 | msedge.exe
2136 | msedge.exe
2136 | msedge.exe
1636 | msedge.exe
3548 | msedge.exe
3548 | msedge.exe
3892 | identity_helper.exe
3892 | identity_helper.exe
1552 | msedge.exe
1552 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs)
pid | Process
2136 | msedge.exe (all 21 entries are this same pid/process pair)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: 33 | 4972 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 4972 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow (27 IoCs)
pid | Process
2136 | msedge.exe (all 27 entries are this same pid/process pair)
Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
2136 | msedge.exe (all 12 entries are this same pid/process pair)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2136 wrote to memory of 2084 | 2136 | msedge.exe | 77 (2 entries)
PID 2136 wrote to memory of 3176 | 2136 | msedge.exe | 78 (repeated)
PID 2136 wrote to memory of 3016 | 2136 | msedge.exe | 79 (2 entries)
PID 2136 wrote to memory of 3680 | 2136 | msedge.exe | 80 (repeated)
The 3176 and 3680 rows are repeated in the original listing and make up the remaining 60 of the 64 entries.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 2136
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archivohot.com/o/res/100.html
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2084
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecf093cb8,0x7ffecf093cc8,0x7ffecf093cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3176
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3016
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3680
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1688
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2516
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1648
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1276
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4436
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2020
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4364
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1636
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5688 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4948
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3548
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5288 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4064
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1128
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    PID: 3892
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1552
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1300
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 680
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 760
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 872
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2776
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3936
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1360
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1276
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4376
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1076
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3360
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3920
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  PID: 2052
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  PID: 1456
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  PID: 4312
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE
  PID: 4972
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\svchost.exe
  PID: 2232
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (480B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_archivohot.com_0.indexeddb.leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001 (23B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt (146B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt (155B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt (82B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588b05.TMP (89B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001 (41B)