Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
28-06-2024 01:50
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Quasar payload 1 IoCs
Processes:
resource yara_rule C:\Users\Admin\Downloads\Unconfirmed 551268.crdownload family_quasar -
Downloads MZ/PE file
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
NTFS ADS 1 IoCs
Processes:
msedge.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 551268.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exepid process 3140 msedge.exe 3140 msedge.exe 3352 msedge.exe 3352 msedge.exe 692 identity_helper.exe 692 identity_helper.exe 1468 msedge.exe 1468 msedge.exe 3364 msedge.exe 3364 msedge.exe 3364 msedge.exe 3364 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs
Processes:
msedge.exepid process 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 2980 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2980 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 39 IoCs
Processes:
msedge.exepid process 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid process 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe 3352 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3352 wrote to memory of 2104 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 2104 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 4820 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3140 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3140 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe PID 3352 wrote to memory of 3876 3352 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/2HcJfRg1SRN91⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee2eb3cb8,0x7ffee2eb3cc8,0x7ffee2eb3cd82⤵PID:2104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:22⤵PID:4820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵PID:3876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:1208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵PID:4128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:1972
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:692 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:4140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:4236
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵PID:4812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:12⤵PID:4904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵PID:720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:12⤵PID:4088
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:12⤵PID:3068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5020 /prefetch:82⤵PID:4660
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵PID:3908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:12⤵PID:3668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵PID:2352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:12⤵PID:1992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:12⤵PID:4932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵PID:3712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:12⤵PID:4408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:12⤵PID:5068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:12⤵PID:4580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:12⤵PID:560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:12⤵PID:4180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:12⤵PID:2572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:12⤵PID:5124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:12⤵PID:5136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:12⤵PID:5144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:12⤵PID:5160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:12⤵PID:5172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:12⤵PID:5192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:12⤵PID:5808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9988 /prefetch:12⤵PID:5844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:12⤵PID:5880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10608 /prefetch:82⤵PID:6484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:12⤵PID:6628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵PID:6788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10888 /prefetch:12⤵PID:6544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:12⤵PID:6512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:12⤵PID:5508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:12⤵PID:6984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵PID:5136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9528 /prefetch:12⤵PID:5908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:12⤵PID:5860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:12⤵PID:5960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:12⤵PID:5436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵PID:5444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:12⤵PID:3828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11400 /prefetch:12⤵PID:5068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵PID:1328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵PID:3304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:12⤵PID:6928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:12⤵PID:5276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10140 /prefetch:12⤵PID:1120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:1596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:2788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:12⤵PID:7012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:12⤵PID:6696
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵PID:6140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:12⤵PID:5232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:12⤵PID:6932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵PID:5656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1760 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3364 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:12⤵PID:4624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14550242287089428565,4706524880864263486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵PID:6964
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5012
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3752
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2980
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:6984
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f717f56b5d8e2e057c440a5a81043662
SHA10ad6c9bbd28dab5c9664bad04db95fd50db36b3f
SHA2564286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945
SHA51261e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6
-
Filesize
152B
MD5196eaa9f7a574c29bd419f9d8c2d9349
SHA119982d15d1e2688903b0a3e53a8517ab537b68ed
SHA256df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412
SHA512e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7
-
Filesize
1024KB
MD54322f0449af173fb3994d2bef7ecb2e4
SHA1b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934
SHA2560502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9
SHA512d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef
-
Filesize
250KB
MD59a23e02c51224896115a872ee5f62800
SHA1447ac79a43947ca2519a6a9e4d63333c81156c06
SHA256f6acbc67934394aa13122f6cb281e96a0765dca464725108b63b046da126831b
SHA5129d1e4546a4ced1959212bd1c0f0f8f8a09e6d69b85db5d9cd0172c614745c46143b269ac9a47253fadccfd5834f2db03d35398db16419607b4e749fbd8938321
-
Filesize
16KB
MD540faa0c4150091170644046bbe98ca75
SHA1d07b30afeaad31c52a1e9dcc2b5362065cc46625
SHA256c3973eeb11e12431e06d1ef84661ade738e2f9d653e09bb1882dfdee5f887158
SHA512afa3bf63f9211982ff39b058d0dc8b5ade5339ed68615df5f0c16477dac454897dc1d61e67d78ef1191c1f5859407828d297a5102ee7f28addd10449fd07c85d
-
Filesize
262B
MD5c1af4ea89ee0486bb4325e6afd936aa7
SHA1de0404ec8be3612bed23713799fdacb3b1664f04
SHA2566a2d0e3b75c952ba7effc5bd50f1305df557379f810c27d4f5ebcbe602bf196f
SHA5120658bdfc281906d4a78e8d2584d70e269b9b90e5418a6332515b47ceda119d0e963d5180954de7e36b619c9f1b67af61aefb00aaa84da99d5b34ca8801abf6bf
-
Filesize
65KB
MD5bddb691d12d04f38b42dc8bc98d3270b
SHA13d410701ae2142202ff22eb8fdb4abf021d245e1
SHA256ec7473ff9fb6da574debb4bd252aac5663f59496a1f3bc1808e589ae11dfe088
SHA512ee1799438736960a1723d455fa9361df3ef05d6cdbc454105463b8b94becf855425f48b6ad8e80250a5f5e91ef7f0512cc91bb8fa7c848aea616504445c03c32
-
Filesize
38KB
MD560d3613a3bd520dc5e12fbc1efe0a304
SHA183a0aa760f9a635581681ddfb2867b2c44709fcd
SHA2561abed51c47bec536b5529a7ea7fefb157729ce8fd4f9ba99086eb8bb437bfbf7
SHA512ce7b3f1bd219a80e5471e57b8b17957e728b1f0be4e6fea4cac2c69fc731087ae4695f80e831f405434e0207a0c4feb369c7c4bea3dca2e67d6536bd5dbb4055
-
Filesize
33KB
MD58aa95e745674053d789180420b19061e
SHA11b31ba31d6b4490fe03a69aa9663839fafb2157c
SHA25610af2ad95ccb861caaee5841f9166ad14f2c6b89f2db23f941dda2f67e1981c9
SHA5129d37a6402571d69319b7717cb153f5dac3417267bcd39ac73710296be7b17e70f62c464982437626b83272e64936fe357e52d8b3508cb31eb086ca516ccef71d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
13KB
MD5279dad77b0626741a9e78215bd9a6c54
SHA12c94c23d81b1bb6156aa268dd8994ff384feb40f
SHA2562e1ddf3a00fef29a064d9e327edd13a587ca24126c7f24b4fe2450ff045aa9b3
SHA5120786ce42ffcdc9289767d033ce3a3b6506378f5742d1d53a8e546ae873e376dff005a696131ea389e37f192efdec11d92f7a1b49af69c0e5fc0cc9925f17c9fa
-
Filesize
5KB
MD5299935416a68a41c316b9b9879900cff
SHA1abf11c7e50fffcf4682010ba46ffdac77920e042
SHA2568402fba406b7ad384de0f0534ce0fa40b60fda7a9b619bfcd0baa316a5a44f0d
SHA5122a97f3ff5882dc7dc95d62a8df5e164d6dfd3b9a6cf158d1fc77f3f8fd0714a740a9df002f4b74a8fef65a4fbd469c66ff8a4b9a8df82b9a4c588ee62a35621c
-
Filesize
17KB
MD53c0b6f9d126be0d5d8505b7c423b62e5
SHA1959309bc98c49e52f52c80597774605c32ae77b6
SHA25663bf11323c4b88d6685280e2b5e7ca9e5defebab58ca00b9677f1e81bcd0565b
SHA512c49f31d523fefce9e41d697af94c378dcadf6c01bd4161220e57b23d6616d706adb8996e0173d6c940f3a012de73294fea9cfa60c4f9a4b2bc01a94f36c40e1e
-
Filesize
7KB
MD5f33809094b5ff4a3cc22ba7bba91c35a
SHA17a5c7262007a43a1b5345335684efff210a25d87
SHA256be92c500b929d10b42f9e48d04cd04796dffa9ca07346da55aa92e92ecde2431
SHA5127ae709b570de838c4d83e4a9f23368b4fd1047a97daa0f8b7920b08009b793774f549d1b07ae7e0b198c7cca247c3434f8901e6511e3900da38a4ae36cbcbfe6
-
Filesize
4KB
MD5c27ee838b6936d7026901f1a5eac5e8d
SHA13572130f89bc43661e7428e44f1a7aa873e1df6a
SHA25650dff959dc956f20c24381ae5454f396c0b7c02c75f90b01ed665046045102ef
SHA512d8b9341c0b3acf7de370f960a84e6863b1d7c23e31b5957c9de9d4fbc8fe0d5c8c4fb608eed7abc01d145c5187b7de5301eab77d9eea15ac6dae3e40bd03194a
-
Filesize
4KB
MD55b8771cd1298b4c7d51345a2ead61628
SHA1e17e5fab8ec8ca59e51bb0205970646a1ec3df6a
SHA2569324f724c6a2521c957dc2ed3c4def7ea62035382a630db529e4594e80176e2a
SHA51221c1bdec454c4b317f8d96219c621e26c6e312dc2f48b2c4204e07cb39dceeb08d5654ad1e4659e355971c6981eecbad3b5884eaedfe526596f283144d9809aa
-
Filesize
4KB
MD565a5aaaca1bcc807f71877d2209333df
SHA1bf2bee700ae3844e8ea0d2a849622238915d0e14
SHA2568e4fa56717bb803bd4828396143d3877f69c9d7ef5bf5c153051dc86791b33e3
SHA512b3a939e4455d80d24504b8471cec53fe5d09ef7e1b00a2e804d7698bd1c3a3bc29e9a2cdbd7dbae1b828f68ee85d16669b7cc4d29e278d3b461d6291b91384d7
-
Filesize
4KB
MD59d2c485174efac4bf7685e3e6a1592cb
SHA1ffbae88e10dacf1f6a3729a9b729d11338161251
SHA256499c5e9269c1a0b63d0e7333d15de609cc00d2848ea4ef54fd5d7bbc362a5278
SHA512be7946e6e08a166d95b0b191b85402fcdaa3842eea93f7c95951575b1e687025e2ea4bcdbe5bfc6cf664377f1e225513969aa53f50f664bca8538ef12a826d2e
-
Filesize
4KB
MD510c619f583a0d310d0a4f88196b79d5d
SHA1b709a204cfb36ff75e8a527ab7bc814c6e8cf060
SHA25634a46fbc8bdd5268e1ac3a2a1a172179391e8882935fdc6e74d88257239d8460
SHA512742cd40725011771ca94457f7eb4460865ffa23c918d661c7a4f8f317499f137cebfddcaad8a9279a230640b9bb4082997504d0293eb1dbbe8680b8d70f32aee
-
Filesize
4KB
MD528d098eebe97db1b224e82899b6a7cca
SHA10ad93666b70a35824285fd5ec687598c465cb965
SHA2565c2d7ea6928eb94a9f293b0aa42294b1822e13592f8b0112f47cee5a7dc50bdd
SHA512b91beecb434f8ccff7ab1d262609ed7d2a79b0c75766a2c6c6578e0e1c7237f49467c95eacf2ef0dd5d3ecaefed20155b784a82e42b69b7978cf10866b31a634
-
Filesize
4KB
MD5faaabc47285917a13ddf9085ec484a2f
SHA1ae7e1c9f996abc995f8b889afa538449fdcebb52
SHA25691b82d1cf2c9b5daeeb21a4c6b1774156a0c0e1d246f5bc7397126b358299f21
SHA512412024ec2e53aa9588e90d13dcf0afd8f908166d81489f9cb68d863d53354559a5ea23d5a8a4a81c8731c04988c8b427f59caae3df52ade62f64517a9fabe30a
-
Filesize
4KB
MD5b7e540728dbf786aa51371712d637079
SHA13a7cae9afaa386e3ac27954554b099a8f5d93ae7
SHA25669ddc97b4f7352252e5942972bc3d5bb732b817c5a1db3d1d88ac899367badb1
SHA512f1073ea2c4353fd8aae535fe89f89cff4dfc4ba4181e6065e4bc96900432bb7591b3d2aaf1f59a055eddf7d436b51bb00877c60bbb7a4ece5dffcd336c7fe4fd
-
Filesize
4KB
MD5d7b67c80767aed3c74f374777f71e704
SHA12b9416c3f309872ff4c7e4d1807911422fe8f365
SHA2569755883dc440f89675118d501ead10ad7d0559ef45cb902094b4c3a7ab996e48
SHA5127351126ee9151b6a049203979fc63e3cbe02b9f71055a34022444b032459d88b4298e0a3dc5be56a57fe606f77ecc2c57cdc56f6f3490df6f5184ae5e39c775a
-
Filesize
4KB
MD5107f2d10bbc3d6b19625f426a5897645
SHA10ce49d0c392787c9fb1792e604663d69b3363275
SHA256d6e3f59448c5c366254e9fb70cc41898a7cb2238bc1e0bb1c5e9364f94234185
SHA5128cc4126a07642e3ac918eda392207a1b86be471a25573889c189294a2ae1fdcb3adfa8452e0c0db665d95c468c6d6f8a983d6f84a7d643bbcc9780d44dcc13eb
-
Filesize
2KB
MD5b67cee510139a5c75a5fbfec6eff7b72
SHA1273a40eb61ff8a054dae0bea898c2cc0f848ee2b
SHA256342f4112a1958cec7c52d7e33b37c364bfce24811185755f155dd955fb8020c6
SHA512cc7e683d6b31d544805820306145624a8bc71a76d4dd2deda58f8212fd0387c10912f86873d0ddfbebaf9d23cba631702beeb72caee582043ef591ec073be5d2
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD517cd67763ec12314a5dfc7f18146ae06
SHA1c46a586a532894f1b1974bc5023fe49c40e6d964
SHA25614755767aeae9a6f1f9bc6ffff9edde9b2774446c8d7c2ecca4ceedd475e44ef
SHA51220ebb07c042b94434f2cb223f9a1e895f2970d189f06d77f22d97f52403535bc627e760b00b733255b5f783272b73a7b7caabfc84f566495c3ecb4ec3537e95a
-
Filesize
11KB
MD5b764bf7f6c950693f66e9a90410ad558
SHA1b80a6438921a9975873224421560840c6f9768d8
SHA2568a783b4f9490af9663102c0f675f6139bb62ab3ece9cfecdde92d048e35f2a72
SHA5122a53b7b0153684c5326f6ae881a9d1fa881c731d52a459bd8aa0003817c46058d994b4c666cf0d527c2740c563a4da640d0a3c599d51cc9a0b827fa0fd6bd721
-
Filesize
3.1MB
MD58b6ea83a3c031a60b36324a02fb0e610
SHA19716678978d300443d3cc2a757410489c5c10760
SHA256a847f4126ae5f0d337e772adfae8e9a2c95b6056e6153f36c5f36f93105f84ec
SHA51202944ec71aa93e7db557baca37fb569170cf43a0f25b95e21843cec6bd59d2773cadefef49d68ea7065808024e91f5ff374a355f422e9f48fd2ae5734cbb292a
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e