Analysis
- max time kernel: 1680s
- max time network: 1685s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 13-06-2024 17:53
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://www.youtube.com/
- Resource: win11-20240611-en

General
- Target: https://www.youtube.com/
- Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Caveat: the BIOS manufacturer and product-name strings are a common virtual-machine check, but Chromium-based browsers also read them routinely, so this hit on its own is not evidence of sandbox evasion.
- Modifies registry class (1 IoC)
  Process: msedge.exe
  - Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{459F0203-A072-482B-A9E6-4449B6EDB6D2}
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  - PID 428 msedge.exe (2 hits)
  - PID 1968 msedge.exe (2 hits)
  - PID 1620 msedge.exe (2 hits)
  - PID 472 identity_helper.exe (2 hits)
  - PID 1976 msedge.exe (2 hits)
  - PID 128 msedge.exe (4 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
  - PID 1968 msedge.exe (17 hits)
  Caveat: the browser process creating children with the block-non-Microsoft-binaries process mitigation policy is Chromium's normal child-process hardening, not an anomaly.
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Process: AUDIODG.EXE (PID 3824)
  - Token: 33
  - Token: SeIncBasePriorityPrivilege
  Caveat: audiodg.exe is the Windows audio engine host, started by the audio service when the page plays sound; adjusting its own token privileges is part of its normal start-up.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 1968 msedge.exe (25 hits)
- Suspicious use of SendNotifyMessage (12 IoCs)
  - PID 1968 msedge.exe (12 hits)
  Caveat: both are ordinary window-manager calls from the browser UI process and fire for practically any GUI application.
- Suspicious use of WriteProcessMemory (64 IoCs)
  The source is PID 1968 msedge.exe in every event and the targets are its own msedge.exe children; the events are repeated, 64 in total, with PID 5076 and PID 2352 receiving most of them:
  - PID 1968 msedge.exe wrote to memory of PID 2372 msedge.exe
  - PID 1968 msedge.exe wrote to memory of PID 5076 msedge.exe
  - PID 1968 msedge.exe wrote to memory of PID 428 msedge.exe
  - PID 1968 msedge.exe wrote to memory of PID 2352 msedge.exe
  Caveat: in the process tree below these targets are the crashpad handler, the GPU process, the network service and the storage service, all spawned by PID 1968. A browser process writing start-up data into children of the same image is how the Chromium sandbox broker initialises them; the signature deserves attention only when the source and target images differ or the target lies outside the browser's own tree.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2372), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff973f53cb8,0x7ff973f53cc8,0x7ff973f53cd8
  - msedge.exe (PID 5076), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  - msedge.exe (PID 428), network service, sandbox: none
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2352), storage service, sandbox: utility
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  - msedge.exe (PID 3584), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - msedge.exe (PID 3380), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe (PID 4892), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  - msedge.exe (PID 1012), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - msedge.exe (PID 4612), audio service, sandbox: audio
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3476 /prefetch:8
  - msedge.exe (PID 2652), data decoder service, sandbox: utility
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
  - msedge.exe (PID 1620), UtilWin utility, sandbox: none
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2348), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 472), WinRT app-id service, sandbox: none
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3192), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  - msedge.exe (PID 3496), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  - msedge.exe (PID 4936), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - msedge.exe (PID 4156), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  - msedge.exe (PID 4236), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  - msedge.exe (PID 2060), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  - msedge.exe (PID 1456), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  - msedge.exe (PID 1976), video capture service, sandbox: video_capture
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4692 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3508), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  - msedge.exe (PID 3096), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  - msedge.exe (PID 3184), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  - msedge.exe (PID 2208), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  - msedge.exe (PID 1836), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  - msedge.exe (PID 128), second GPU process, GPU sandbox disabled
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6672 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2420)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1332)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 3824)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004DC
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\System32\CompPkgSrv.exe (PID 1108)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every Edge child carries the same --field-trial-handle=1888,11100174277142529788,3978021012661932986,131072, which ties it to the browser process PID 1968. Three children run with --service-sandbox-type=none (the network service PID 428, UtilWin PID 1620 and identity_helper.exe PID 472) and are therefore the unsandboxed parts of the browser. The second GPU process (PID 128) was started with --disable-gpu-sandbox --use-gl=disabled, consistent with Chromium relaunching the GPU process in a reduced mode after the sandboxed one (PID 5076). The crashpad annotations show Edge 90.0.818.66 on Chromium 90.0.4430.212, a build from 2021 on an image submitted in June 2024, so the browser in this run is far behind current releases and its behaviour should not be read as representative of a patched client.
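The 64 WriteProcessMemory IoCs in the Signatures section and the child command lines in the tree above are easier to judge once parsed than read. The following is an added example, not part of the sandbox report or of Edge: it collapses repeated "wrote to memory of" events, flags any write whose source and target images differ, and reads --type, --utility-sub-type, --service-sandbox-type and --disable-gpu-sandbox out of Chromium-style command lines to list the children that run without a sandbox. The sample input is constructed for the example: the msedge.exe lines copy the report's wording, while the dropper.exe line is hypothetical so that the classifier has something to flag.

```python
"""Triage helpers for flattened sandbox-report IoC text (added example).

Separates ordinary browser-process -> child-process writes (same image,
source is the broker) from writes into a process of a different image,
and lists Chromium children whose command line says they are unsandboxed.
"""
import re
from collections import Counter

# Constructed sample: three lines in the report's own wording plus one
# hypothetical cross-image write so the classifier has something to flag.
SAMPLE_WPM = """
PID 1968 wrote to memory of 2372 1968 msedge.exe msedge.exe
PID 1968 wrote to memory of 5076 1968 msedge.exe msedge.exe
PID 1968 wrote to memory of 5076 1968 msedge.exe msedge.exe
PID 4444 wrote to memory of 5555 4444 dropper.exe explorer.exe
"""

# One report row: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_wpm(text):
    """Return (src_pid, dst_pid, src_image, dst_image) tuples, one per row."""
    return [(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])
            for m in WPM_RE.finditer(text)]


def summarize_wpm(events):
    """Collapse repeated rows into a count per (src, dst, images) tuple."""
    return Counter(events)


def cross_image_writes(events):
    """Rows where the writing image differs from the target image."""
    return [e for e in events if e[2].lower() != e[3].lower()]


# Constructed Chromium child command lines, modelled on the report's tree
# (hypothetical PIDs reused from the report for readability).
SAMPLE_CMDLINES = {
    428: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
         '--type=utility --utility-sub-type=network.mojom.NetworkService '
         '--service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3',
    3584: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
          '--type=renderer --lang=en-US --renderer-client-id=6 /prefetch:1',
    5076: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
          '--type=gpu-process --mojo-platform-channel-handle=1912 /prefetch:2',
    128: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
         '--type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2',
}

# "--key" or "--key=value"; values with spaces are not needed for these flags.
FLAG_RE = re.compile(r"--(?P<key>[a-z0-9-]+)(?:=(?P<val>\S+))?")


def chromium_role(cmdline):
    """Return (process type, sandbox) parsed from a Chromium command line.

    sandbox is "none" when --service-sandbox-type=none is set (network
    service, UtilWin and identity helper in the report) or when a
    gpu-process carries --disable-gpu-sandbox; otherwise it is the named
    service sandbox or the process type's own sandbox.
    """
    flags = {m["key"]: m["val"] for m in FLAG_RE.finditer(cmdline)}
    ptype = flags.get("type", "browser")
    if ptype == "utility":
        sub = flags.get("utility-sub-type", "?")
        return (f"utility:{sub}", flags.get("service-sandbox-type", "utility"))
    if ptype == "gpu-process":
        return (ptype, "none" if "disable-gpu-sandbox" in flags else "gpu")
    return (ptype, ptype)


def unsandboxed_children(cmdlines):
    """Sorted PIDs whose command line says the child runs without a sandbox."""
    return sorted(pid for pid, cl in cmdlines.items()
                  if chromium_role(cl)[1] == "none")


if __name__ == "__main__":
    events = parse_wpm(SAMPLE_WPM)
    for (src, dst, simg, dimg), n in summarize_wpm(events).items():
        print(f"{simg}[{src}] -> {dimg}[{dst}] x{n}")
    print("cross-image writes:", cross_image_writes(events))
    print("unsandboxed children:", unsandboxed_children(SAMPLE_CMDLINES))
```

On the report's own data every row collapses into a handful of same-image pairs with source PID 1968, so cross_image_writes() returns nothing and the signature can be closed; the unsandboxed list is the set of children worth looking at first if any other signature had fired, because they are the ones without a sandbox between them and the OS.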
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 64f055a833e60505264595e7edbf62f6
  SHA1: dad32ce325006c1d094b7c07550aca28a8dac890
  SHA256: 7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99
  SHA512: 86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a
- Filesize: 152B
  MD5: a74887034b3a720c50e557d5b1c790bf
  SHA1: fb245478258648a65aa189b967590eef6fb167be
  SHA256: f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250
  SHA512: 888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3
- Filesize: 62KB
  MD5: c3c0eb5e044497577bec91b5970f6d30
  SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
  SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
  SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
- Filesize: 69KB
  MD5: 2c5d4af27f0e230c62198ade697d92d9
  SHA1: 325d8f28b44c70726baa862fbb4ede8180589eb8
  SHA256: ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978
  SHA512: ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562
- Filesize: 41KB
  MD5: 2fa413749c8fc80fd915111a499ea6b0
  SHA1: cf9dacf2451cfa462d573c454c24b9b209b31faa
  SHA256: 411ccb79eca67e7f61ee68ff2d0160771ed049590c35a747d2e6341eae05099b
  SHA512: e4de0203a3680d9d694b76379e5c82549739ff51bf783624ac73bf4b622c69d08c0473de7f7d85a33c80354bc507d5ddc87cc8b0643e22cc661c4537711a705b
- Filesize: 19KB
  MD5: 76a3f1e9a452564e0f8dce6c0ee111e8
  SHA1: 11c3d925cbc1a52d53584fd8606f8f713aa59114
  SHA256: 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
  SHA512: a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
- Filesize: 65KB
  MD5: 56d57bc655526551f217536f19195495
  SHA1: 28b430886d1220855a805d78dc5d6414aeee6995
  SHA256: f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
  SHA512: 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
- Filesize: 88KB
  MD5: b38fbbd0b5c8e8b4452b33d6f85df7dc
  SHA1: 386ba241790252df01a6a028b3238de2f995a559
  SHA256: b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
  SHA512: 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
- Filesize: 1.2MB
  MD5: 57b0be737bcc15c1db1fe1930d6c4616
  SHA1: d917e5c80c307ea8e77f0ff33fc0550ee939f471
  SHA256: 3f333be09c028ccb2b4d6a6a994f6f55000c220aa164000b8257084693cdc5f9
  SHA512: 5100834421de2327292e0f84a6494796e67d4894507299c48b1585d8fbdef2ea0e30e1cd866d9992aab3ba0fb5dc6eeb20f3543841b194ea3ef23d2f69afaa4b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 6dc8dd7aadca68faa13e2e4869e7862a
  SHA1: 31415e5431e6035bc368cbf833cb3eba28c0dbf6
  SHA256: 1521011496c1393838716ab933611651b4efacff5d205278477765b543e80f84
  SHA512: 0ba7e79b88af8d7ae88543ff62b881696ca857af32053ccd10027204bc9b8d1d2e2be04daddcda56f9c8034cbd643d77db7288256c5c1cc941c883e51abdaa63
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: be2c2844faff3db4589fa8d2c3469bca
  SHA1: 307e3b70170f7bb6bbad448dece88b5294776095
  SHA256: 6737d4cd76072181f8778b2838e47324dd6e811913cf1c9ce97478f45281c31a
  SHA512: 4b0f3fc5f83505ab58f1e558bcc1c942d95e41e5eb50aeeeecdc1bd136b53e7174160bf885a4882a5062000e30472ccc6cb37fe713666d481e33521dad81b17f
- Filesize: 3KB
  MD5: 2d6cad3316622e13c6ca4c25056abcca
  SHA1: dcd8258cbb9960680b20c5c6244d9ee0544288f9
  SHA256: 6afe6a40d09fafac5cec613b9a61bda000599187bbeaa6ed1f9d620bec95e4f8
  SHA512: 3f44463ed23ce29e325b46f7416244a3e92753c4cb8a684567fd63d420893b6478497698dd5bd8daa2cba7d14e5fc256c2a27d525e7d3d077eff246c53a1fa6a
- Filesize: 3KB
  MD5: 08de083b5b9f07c404b67d90c34e6b9c
  SHA1: 0962f4ab72a6472365ac46e6306238a60d498517
  SHA256: 11c9c45d68763a07ad13798b8ea5092f51b718be15617f85f17a48d3df9ac561
  SHA512: a1d5ec8edec65903518a9484e74f547916800712d5fc8cb78ac8d9b68fd330db86f7f53723f5e162ebf4dc0406dfa5b8584d46a4ffc8fcaae97866b7e446dd70
- Filesize: 3KB
  MD5: ce96490ef209c177181f633a0b51a7a1
  SHA1: 48b6ac4f8ae7ab3e3096224edbd4c89805036552
  SHA256: f72cb6dec0d63d233ba11ba272c472280eeed0f0c83dab66b9cfa6cd144a1146
  SHA512: 6d5b71f6b1db2f2e84b38102b6f8e7207007b3ffc4e33c3da5dd3d475a69b0a2633ce8af727368223bb0c6220d8b2d12a099efe24b6050694ff6cdd7585ca00f
- Filesize: 3KB
  MD5: 4d15b0d63d015d4068662e8b11a9ba10
  SHA1: 2145a6056bc62763da8898c7743b3206a2564cfd
  SHA256: b31dd9b29374e1a046426f571f9038709469a236c2a514590e65fb3493fa1eb5
  SHA512: 223ecf2d2ca74c53451467312b85dc8ddb6f80bc0b54e5f7b71aa0ed518bfe7b924614a47848f5aa48966f16b257804bb81bd5bad3c7845c93cddaabc00b05bb
- Filesize: 3KB
  MD5: 7404a114662cc98b6f983c476e518f8a
  SHA1: 1e466f56a05fe058e0058ce963d472f1c0e698cc
  SHA256: 4681cf6bf73b3d4f0107cda611e4557e6d392a6c43a5b7735a12f30e9b994366
  SHA512: 03eb2a1e6d8dc981b3b89292b629ca1ef4f9fd91fc4f03594457ab1f3d8efabf1e075916fa2d75cfeadb8ac4f58e32696bc8b1a4ebc36e51fb1262c31217f885
- Filesize: 6KB
  MD5: a226e455cbf81a6a25345126b19cf426
  SHA1: 476a66359148d69b588580368eaa72e28af27f56
  SHA256: 7c941265f4a2336aa92adbb07aa9ae1157ecb721fb579885a9d36746b1c61ccc
  SHA512: c0ac6a2428f40aabe27cdd1cb4ae3cf7ac5d666cc74c39d4d60e4b5795f9ea116f18974d335d7570380948473ffb0bb65345a46ba08090a8833373ad7ae91553
- Filesize: 7KB
  MD5: c0772112583d12085b05a0694ffe3d16
  SHA1: b8659ebccbc3384a625ca30c34d43c96600ee13f
  SHA256: 1f0975cb3b60fb6459ddccb3b5177f4a4b4e5715f4ac036a4a38893f4de916ca
  SHA512: 98a7ae22ef2dfcd07331f49aded8282c9c3476015d29e15f18be24cc82f58e8b765ad242750b0bce95f2db093e3000f96f783d2920483293cb0a494f1ab15be1
- Filesize: 7KB
  MD5: 88e835e47c782a6cf3340fdba3ae9f8a
  SHA1: 501efbd15022cfc18aae5c7a1b371ec54b7b6d13
  SHA256: ffba143ef010df1e47c23d303e242d6b431a82c1988d9cfb460ee9cd16876076
  SHA512: 6b6061156c199e38ea505b739c6645268d4dffdac527211c08fe94ca6cf9f98b266a96cf2871d3f01ad576404792024482c84442b8a3220e49b9b2844e633ab0
- Filesize: 6KB
  MD5: 6e86e2159098eba5f16ebc17027ddc70
  SHA1: 6e9168d3a63167ac1992fac78f73994bccec94f3
  SHA256: 7656f30ab1b2a9548cd8e9ee2210d9102aa9f41e94b7a96d1993a80572fdbfe5
  SHA512: f56cbb2f704311d5f76897a3cbf682d54fb7eb1ef6d191570a6a5d93f07a733b5653ad177cab3d73d1b3532eb9961ea65fe00dd31ebc531ac833ed52b0c497cd
- Filesize: 7KB
  MD5: b02d06f3d8dc955ab1c771ac2e25fcdb
  SHA1: f259baf3385f01cb05eb019679a0c22816ff56b6
  SHA256: d5df56671dd2ca8f5480cb35f8aa3ec8f9cccf73bb475493c4438bb288f88608
  SHA512: 8eec4a493431df44eab5fbf33c45fe85194639c266d1f03ec5dfc7ec3e965799d14d70a53c26cf9b9402c79f8724b5b9a6934bbae28f4a335f3e6245820e1f58
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b93c561-58c7-4f59-878f-07fb110fb1f0\index-dir\the-real-index
  Filesize: 624B
  MD5: 4291e5821d6f2e6b10ede0a1a5159ede
  SHA1: 6559e69859f73ce4de63eb54d8fbf67daf2b6980
  SHA256: ee77c06157891389d2bce396c9a845af0dfcf18bc4929392150e8dba5672ca9d
  SHA512: 6ee868491f45f229d9722191c14a84248bb8d28f1ba6bd14ce222633fc1370da1eca8b058525082b542034adb1fc0e08fc57949e04f0d21ebbe20cef3d2698e1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b93c561-58c7-4f59-878f-07fb110fb1f0\index-dir\the-real-index~RFe57afe7.TMP
  Filesize: 48B
  MD5: 08921719edc4154b9a0ea9d3385ca0db
  SHA1: 05c7de061ef027dca2a419b24093c15ad785316e
  SHA256: 3636fe252c743c3c7d383a67b3ab0723459da00058bc3b6384cda81778dd9faf
  SHA512: 6f7ff4f90a368bcef96e29431f1cc0992930953d9d38a87b1222115790964e72796d654645422010ec941d0ad46d3298260bfc10d534012973c1a867003da823
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e810f5f3-70e9-4f21-87ec-08390268806c\index-dir\the-real-index
  Filesize: 2KB
  MD5: 85c2428006b664692dbdf3432c52d87b
  SHA1: 97eec2dd468c5cfb1361fbae728599ddbbd60ab5
  SHA256: b8691063365c59b7d628b3da243bfdb86bd839d60f3860ff3826fd0b96a98ead
  SHA512: a9c3a8c4a4c5261478519e004e664246f7fc4caecfc4c4e8b158d2fadd2977a848742bad10b3f1e7858bc98c962104023e7027cb1f6c1308fed3db511f6022b1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e810f5f3-70e9-4f21-87ec-08390268806c\index-dir\the-real-index~RFe57ad38.TMP
  Filesize: 48B
  MD5: 33778e01996e132bac055519320c19d7
  SHA1: 3568405b8e9e43ef8d5697ec867f9f5c62ba9925
  SHA256: ee8eebe8ef16d4dfd27e2ea34a56669f4beb10225b21e60c062c3ecd7d8665f0
  SHA512: 67f07552dc23e9f9d524d781d16e337604518c1d7c0f4ffce2a37a67ddc19188e74cfe3986e82558ee7c1de580079c1583619ca3e582aa55522930655a69c27f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 89B
  MD5: 538f5bcd8f18aca23cf3e3d95e2b2d79
  SHA1: 1a6831834260f315a498cd6bbb646be972cc7ad2
  SHA256: b52d3611cc6a5d1566207149cda361d641bc4c5d67ce5bccf06e96ed7126ce5e
  SHA512: faec8cd2499722dba2646d9bddfe10795d7e0a9fbfd7d278d0c9f82b27748bad98e84c12ac7462fd7fdb73aca5ea5d9da20305042397a6dc6e170b0155076dbc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 146B
  MD5: a809b9a117d255f2a09d96e61c98470e
  SHA1: de47513a743258717249df5e920bd1b2dc4155a7
  SHA256: f8aa40b684b02951405ae90ab971b2f9a5dd53e85dae7f0614ffa2ea9b372076
  SHA512: f3ad3acd9318e729c358849274a9de2be7aee7625a67b95044f723ef8b2b5de137227d62bc585334dccf7900eb3800c73470d07dd9a6db47e7b6bb4a83f7a1b6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 155B
  MD5: 5d139004456ca4d4b308019ce8cf5e95
  SHA1: b5f0deb354e63d13361dbd4577b84447f504943c
  SHA256: 77b9115049bca039bceda482f965d622761a7d7c6a2b4cc93238a7cdf4608157
  SHA512: 97b023744c58a80e2f23cb81c7771028baa375530a6b1ccf48aabdfa262b7cdccebb43f7f36a33e2402e80c101e56974a65287d05572a73b0cac693ad8f38330
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 82B
  MD5: 1172eae2e9a2e714965b795601b33277
  SHA1: 7f16e4a4c09f3912126d41100d7fddcc580b85f2
  SHA256: fc0e9dc4be1a86a293933625b811ee6c658959a6c046f8624ee0587778bc65f6
  SHA512: 902dfa42ddebb87a33821b2d588e497b066085c232413356768c423005fe85deac6228a6e280f4cc6f02286de0fd43d34e539465115c7cb2f6333979db99f926
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 153B
  MD5: 74f5118995163ec135a77d7da41ad21e
  SHA1: 83deea2f9dfbd35961aff1cd2628a77879270c86
  SHA256: aeda0955d3c36ab091ac9c6ce55f29100a68714e132a05445f99ce876ad31e80
  SHA512: d19b7f1f906a3b1cd966a2b8ce067bdb47c2244242081b8c630fee8be53abf4735ff569f83691feaef2274756bfb828c57d59da28e7067b1948f37e049e8362d
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
  Filesize: 17KB
  MD5: 19e4ec4f63fe92d43aab9dabccc4e6b8
  SHA1: 05f88b759a99cd8677fb6c3f243129ef6b5131d5
  SHA256: 1b80816fe40d50e956c07c780b82b4d58a541b7ee64730fa9ff8b81cf296083b
  SHA512: 2065e4846a5e48c45c9bf4f1d7fcbd4777721296d9ca0037ecd8c9df2dce570ffc73905c40a876cd6c411728835717ad9aa25dedca048b025334c6e6ad0e9f6b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
  Filesize: 163KB
  MD5: a498506bf0942ff7f9d8dbed76faf6cc
  SHA1: 81ad832ff76e7f774b0a95ca0cff0f5f7955f213
  SHA256: 4ac98be688eb2f2b51d1f1ff71b6d68d4a5327ac59241ec7e48f96258474dd0b
  SHA512: a01e5c56aa41ecd761f5929b53edf92d331e1176ea91b1e56e55c81c4a5ab9112288d5e0a90e0548ca889b34a423fb99c0d607e8017626710894caefd4e4c909
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 96B
  MD5: ec4ba028bcf76b238030dd8ed2268073
  SHA1: 52c45d8b09d6523a32f30eadbe70cff4115e830d
  SHA256: ba6fee9d0c34ba9415975c494f0593e8331d2e21698c7d5356d889d4282229c3
  SHA512: 05b2dc55781fdd52534d1e810a272e7f46c0821b400fa50a5f4276256c235a08d9a0f09fa10b00e48cb2ab58b7e10fb24b7e69f53ce804907726eb1828c10e52
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a77b.TMP
  Filesize: 48B
  MD5: 8733b5a0b3ea4bab66fde7edd23529d2
  SHA1: b9ccff6ebe2f856034124091ea41c617eba2f901
  SHA256: 08c4b117634a866f2eb41807c4a27910387e07befeaf39f40f9f3de14137f3f0
  SHA512: 9b672f6bd7f84a66ee11ce33a7c439929b4ebe4e746c1fdd31ae7a3aee8a96b88f1c83d129961947ff3586b32092e3ea55f5c4877c522eda7a805af02bb735a1
- Filesize: 1KB
  MD5: 8093b3ce3911f2daba7ba764269ded35
  SHA1: 094eee31cdd6898153b6cd48a01fd0fad33fcfa6
  SHA256: 510cf768c1f9f03c3e64a379e325ac0c19931887a51dadc888126bbcb5dcafa7
  SHA512: 516ec55a82b710edaa2d0d796eb1950ab423d68cbe0a209e5e838f6c62b53d78600f13db02262872e42991ef1953d68a6b5c0ef10ee3c6b0fb76ae1897f37829
- Filesize: 1KB
  MD5: a3f5530d6976d4611bfba82bff5d9d47
  SHA1: 5f353e806538e01309ce3e07d2472a2a473cc3e7
  SHA256: fdb42f223861caec909dfc282d3d9adca233ffa28bce80127eca14475cd298a2
  SHA512: b6b30f9ba1604a20fe317d788c68c1edd4c21b82970dfd14a835a299d18828448867b5f4b7340922837ee864c429972827d2b60311e963d32a5e7dbc7d6b4ab1
- Filesize: 706B
  MD5: d874b5973b466a8744afb8a166521fc8
  SHA1: 7203b470d178be6577fa0a72044eb0be2f8f47f3
  SHA256: acb86f0946f39369c1912bb6efb3183f303aab93f51262a71a4f5bb2f0e27402
  SHA512: dab4a0ba1d695a125ea7df34995bce2a0697eeb21bdab4689346502c2c372b04d5fd8ab93ae926e701f9068c11b6a162b87c5dbc24a5ed5e550206a5f8817bcd
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 5df23e30ab1cc884aad27c2d7dd66d7c
  SHA1: 40e830243f98471114f4aa3e3877442adbbde70c
  SHA256: 46752cac9c00cf1326e62a535bdee2ed7dd8d2bc41ca9ad305864c1c9f82de78
  SHA512: 5ccfafe82dd036296db40e49acd8370db42e810e8a344a782b8c5218c555f8797c868a11c8c1617a382b96d89ab320048ccc159967ba61fcd1fa1a3801444b5f
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
  Filesize: 10KB
  MD5: 172ed314f83bed661aabe836dd9597a8
  SHA1: 41a874ae8498a596fae3eb14124eaddbc6a6f420
  SHA256: 02b0764121de52d802cce0fdf7cfb2d60fd9eda0734dad3f3f46635a4892512c
  SHA512: 834a87621f87b9dabe44a40fc4e3a2e07d0b9af24e7158fde29d0b3b1fe2f8bfab3f7da0c43d6b810fb490284aac0aad4f19b452d85f59e56dada548b4d10990
- (no path or size recorded)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: all four digests are those of empty (zero-byte) input, so this entry is an empty file and carries no content to inspect.