Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 12:59
General
-
Target
https://click.discord.com/ls/click?upn=u001.a0NJ38DJJG1sulNx5wS1jjasHPOV5MgsCNLIOUybEqgv-2F76hJtte7st2YGE6B-2FX17BcL1Kodng78JTuBY0OaKszaSpzJPj0DHqBMF74gkArsYr6PynaL6tJJhF0r4EpZ5QpDwXFCUktQDBBHaojjdgQx5Hj9bPiiCCz-2B6HAZrLqB0SAui3LSpiQFHJvtVcwcmSrl_ZHWNQdOSIZ0xxvQ4CQvMtE9jPxTQrd5hipC-2BCTnAwMT6e6pAsmc4kPpdYY6mbMrBVxOcVF0vzPFn2dWoCtF-2FI9BtrLrTz4-2FGaltzk-2FvzOtN0cqVNWrNx69QPf9ddnnraSPPxkijquBRGOW4M1-2Fj-2Bg44FxQBhP3NcWqtMT0wM-2BRBlbYuG0tQ2Iclicr2xkBbPV2CMhpfUReuz-2FVZJNAXhW2WGeTtxCzJmL-2Fl3AqYcviHyQ41sxBPZ5tD0nLhLMSRMefxUY3EANtkHPQOhGrTZ2Q-3D-3D
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.discord.com/ls/click?upn=u001.a0NJ38DJJG1sulNx5wS1jjasHPOV5MgsCNLIOUybEqgv-2F76hJtte7st2YGE6B-2FX17BcL1Kodng78JTuBY0OaKszaSpzJPj0DHqBMF74gkArsYr6PynaL6tJJhF0r4EpZ5QpDwXFCUktQDBBHaojjdgQx5Hj9bPiiCCz-2B6HAZrLqB0SAui3LSpiQFHJvtVcwcmSrl_ZHWNQdOSIZ0xxvQ4CQvMtE9jPxTQrd5hipC-2BCTnAwMT6e6pAsmc4kPpdYY6mbMrBVxOcVF0vzPFn2dWoCtF-2FI9BtrLrTz4-2FGaltzk-2FvzOtN0cqVNWrNx69QPf9ddnnraSPPxkijquBRGOW4M1-2Fj-2Bg44FxQBhP3NcWqtMT0wM-2BRBlbYuG0tQ2Iclicr2xkBbPV2CMhpfUReuz-2FVZJNAXhW2WGeTtxCzJmL-2Fl3AqYcviHyQ41sxBPZ5tD0nLhLMSRMefxUY3EANtkHPQOhGrTZ2Q-3D-3D1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5cc46f8,0x7fffa5cc4708,0x7fffa5cc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4156 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4877518102830321284,13106298826731218215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f0 0x2d01⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f0f818d52a59eb6cf9c4dd2a1c844df9
SHA126afc4b28c0287274624690bd5bd4786cfe11d16
SHA25658c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61
SHA5127e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509
-
Filesize
152B
MD50331fa75ac7846bafcf885ea76d47447
SHA15a141ffda430e091153fefc4aa36317422ba28ae
SHA25664b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a
SHA512f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2
-
Filesize
143KB
MD519c2bb426809213f9c59c62c2f938ec3
SHA1018ebcba1940e2101ad9eaa107f6e2e5dbccdf21
SHA256b6e94f65d2fa809cdd993e3fcd13d704c2dd8259fce18a807060e8f411f66ada
SHA5125aff573d6bfd6459d21af874bb10084b88df42542805ac0d2d1bc859c7c300d07aa5f5a17f93cdbe1888e77772fd06b79302f0a55db92459589a75a923623da8
-
Filesize
53KB
MD540d402fb2756fcf851dfdfc5a592ab3e
SHA11d66ee116278f23f5f4fc1d51d2ec5ae645d44b7
SHA2562cb4f74f2e7b2bc38b5cc2b7dbdeff7e9f3751459781c3b92a409fd2f906786a
SHA512e091bca1030ee9397e42d52c9dd10c21b972b5c952a22c2ab3478673e8eee3fb765e3ae6ed780c1ce413e27a0a9149e36449c86281f20355dfdc2f41f627895f
-
Filesize
640KB
MD5987ba5e0cf8e20312a4e05ae3c6f27c8
SHA1248b5abf34aa1da90433e375e908e5eb2cdce37f
SHA256985be48b2369119d5d658bd3849f95ed8b48f088ed1955181db91b5d540d658c
SHA512446e3a8ba877fd8a37bde6584e65024ea169eb98e4d462a740e08922be6565f087720968f607990de11db237cbd4ef1f6dd5e0bdc22285a2a73e83f0f12b529c
-
Filesize
1.9MB
MD5e14a20e601aab88f88e260a0633df07b
SHA14e89d97752e419af98f68240165453a903c1b382
SHA2564ac1e335752c22fa30db78f7c506d02470dab4ba377e9669a7e1e3d5f5e88e0d
SHA5122c2300c73fa4736be8eb6d0cf44050d8b3f0a0eb7555e5cb9b9632824a76d87276418d917fffc6eaf5c573be2a1e5e7bd3d7f66b927fb64d46b9dd3af06fe70c
-
Filesize
31KB
MD5db9105ce2dfcd6f7b47d90aac06eae3c
SHA13616b01627364744f5f82692877bf01a0b5ab1c4
SHA25653274f687ee23acc3dff0c911ced36477c11e0c23b9682527284e57bc06ae241
SHA5129c14420ed9b82ee7b498c41f5b033bd226ee844ceb760f15cfc5215ec3c028b72ea2df8857087fa077efe9775fbaf404615a0be87d1de2b59ee3852347260746
-
Filesize
29KB
MD52cb0734ff4f871d5e73aaffb69ec5b68
SHA1613b75cfbfb71bc3a5b16ab5142c7976614ca71e
SHA25662a2e07eb8e5103f51ba5723c0310fdfba17bf7f410d64038725d4ae2a3e2e65
SHA512f8e846fc28e81a83a6322186af8cf334c34958595a79f10d5b905dde29daf5bd05bbab9a74911000df7aacab00ca92b9f313b46fdee5156b6ac9f9a0ead1aac3
-
Filesize
2KB
MD5445bbfd4051a1a0105792baa2aba348c
SHA1d021cdb004384c525770239e8ffcb7575a4f1a0a
SHA256778801d1681626baff43d60710cd9d1f69b0533bcc9c993258827e1dbefdba24
SHA512ee278decb19b04b357c43122561783871640ff39bf2f6b3d29d2f5c2dbcc325aa5c4b39fd13ec0963354b7aba4eb7231990b1924521699b8c17f5a8061106b23
-
Filesize
2KB
MD5cd2600b098deb171b050605be0f3d566
SHA1d373650d882d9bd11992e9f58d398b153578abae
SHA25688cf1d3c22a4f1cb1398482b529e020f81981495283e39786a3123d3a70d645b
SHA512bed02b4b1337bd19cd4d216b2025a08cbd437d16da4adced9572686263d9c8bbde18355f7503aa686eb57984aadcde5cbb169ac7dfae956e9daa9e37b1c40898
-
Filesize
96B
MD5e023e5cac082c1d69186eff51eaaa0d6
SHA184dc13a9f2a39822ee8e7ac830f5f45c8a63b49e
SHA256929f18515db91dc648b37a3f202ce4e40a868ea9b336a7e07288f97ade9ff37c
SHA51214a8e65a35c780e2af5f7934ff04781e8658d922851a7cc6aa9d7f44b39be2e2ed788ba3b7fda52e0e76ed8242b2ce9973cd76ae4b7606e5641ba768c4846b0e
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
929B
MD553a64446d2fd199f63d8b7bf7906c15a
SHA1a95c864ffc1db19664bc947cab46878835301124
SHA256ee5be6cc5286681d1cd9e3497f02e3614828ec8c005daa30a9bca83cc3d2ab64
SHA5123149b8f08827fd30999d46a8585f5164279783bd92d2696151c249127726635b3957176ecaaa34b8cd64f82ad75e0c4f13c2e94ce7c46f9275a7c78dcd233c14
-
Filesize
12KB
MD5a2ea4af0d1265352d30000183c7a133d
SHA135bcf1f697214873c83e0237493b04c1413c528c
SHA256a682c153a1f7ef10b5c93d5155bd157a75cafee1e702eb15dfc1464fb98498ea
SHA512ea6c04a5f797c03fb5b50130cf9c484e258a9133d464d9327a18040348dfe8aaac872d7903d7f8140beafb892b4697444988f397104b584334eebb060f0ed5c8
-
Filesize
6KB
MD5fbb0ed9dba8482380531a608442f955d
SHA18fdbb83e5e2603d2e44bbdc611fc8708d8a840db
SHA256e0d7b95714b37d211679e443e060a47f4089f2f0da03c218654418cfac76ea96
SHA51292649b1526a96cdc6ec69d3996e0afd32259e595ea7aec25091629f075fd547cf150a685ac16167331e598220fe1b7eb496d79687cfc2bec581b404f487de38a
-
Filesize
7KB
MD5e20834de875a43ac1dbd16c9a9d5b836
SHA1bee9067e09f2f6ed4403ff56f5be29e3de29e64b
SHA256cfae678f4bb0d011b0dc7dbc82f8b9c98576a3282ed2f0716f133fabb220c6e4
SHA512887e3e81a4dc7b0f289acae1bc5d3dfa7b80cbba9a1f3754478864069d0c065ccb513840a982c4bbb6775517a1b7f396d76b5e73880941dc32b49d213c432d0e
-
Filesize
9KB
MD5a0139143444170d464bb762b3afc9fbd
SHA149d191254f350fd3ebf29c1be1a59f4ac3695415
SHA25676869e1633a37eaa27c6b02003d523604e4a9186821a543c6771c740f8d53658
SHA51221bfd8cc743a1e14ff190e3b8586d3692c48bc749541c1a8f1ec733dd9fef932f800db6623e8f7c7e5af6c3e5488bcb71a12f2fc14a4aadb91ca39ade3ba3cc6
-
Filesize
6KB
MD55518d1dd2f8df9530d146aa96f0f86d6
SHA1dcbfef64e4b40098799ce7e3762404dc8633c646
SHA25659daafca766bd1cfbba3e2d8c752d630575eac544f89dcde629cee78ae9888e5
SHA512d0ed78417a3ff008f23e2192876ac561a87fff0859400f840e0760bb32fdd300394a8e064d567e7a119ce3a1f411f76de4655e7e83435430a16951e047f2e45a
-
Filesize
14KB
MD51971f620c5d070215b494c78162a175d
SHA1fe61742b273fcee3fa00403aeda90c720ee1d744
SHA256baa3e6038e5554ef1d941800ed41cd17ed9edbdc1537f9ad1e8381457be490fb
SHA5128b56e7c63f2c79a3ceb95f4707af14bde285ba560f8149f2a6ab88753bfeae26518c687674aabf872019d248938ea623a780de2ba3341267604fb68852dc63a7
-
Filesize
1KB
MD57588dabd7c735d26f94147c97baf3923
SHA11a5f20985c26168ed185fc7c9f2fd9cec8e0888f
SHA256f8ff29d97dca1885036f84e3439079aabff9d7db53ddcbf4a7c0d18da55499cd
SHA512fa56ec770d72943d7edaa32e7bf0b4486e6390b679dcb8c9abb069ce18dc324095633368beca037c648e0424619e76285afeddaf7d5b83abc1223c5a5862b880
-
Filesize
1KB
MD5ebf97365759e6660b85677c7d89d9d90
SHA131efb2dc34c3362d1020657acb6dc439fe3065f7
SHA2562f62f633617611bba807f04f1e22187326a6d7fbf75541e236a0fb6d3dbf5f18
SHA512e32233f55c25326e94a3869a34568bda152b27f4dcee1dbc03da8569947f6890b38a5be00af9bc9052147abe8a3e9a867341a4ebeceef3d21487e1702c902976
-
Filesize
1KB
MD5b3fe797237f06b699e52a7e3d2b4b9de
SHA1a8689dd06884aba273c4321d70b990f47275869a
SHA256802372e2e5ac92160c47e891c2d7eba1a10b1f65a27f6320d5d9cbf2cf36f30b
SHA512b286682ddd07a9ae3f79e8a1d0960e3112ff9dbe372b57304c56a84254f8186c9ea7bc5816092b35eb91a0ce0e901dc9328a2660465f15b8a965dd87ecf0e84c
-
Filesize
1KB
MD55be276f090470c0c4df4bffede16adc3
SHA16cd2ceb0f9ade1ab3954306c005feac17b40d9e8
SHA256ceeb22bf4edfb672f9a03457816b613f452bdcb16c0f0bd7cea70b45ef1d23e3
SHA512abc4953ca1e248d22eea285145fbe7ef054b1e9443e8023d9d05b711a41db02f4854b009a5b18130443d03e487edd41f2375d4fad36c95bbfbffaf0ac91350d7
-
Filesize
1KB
MD5e2f4adca2051c3fcc0d7a91c0f695d7f
SHA18a8125f8bb2179bcd733229be1d2d51fae4af0cf
SHA25695b239fb9e9dac5b053cd7fa0811a82835e0174c7a2da2a3bc001f1ae9af866b
SHA512aadffed931035f20f3b3882b99836e243bb8f9c290e876dac655d03e2b024bfab281aae6e7117f64ad0973c98b2ae08b01dc5137250a39cd7c3a0a3e4193a297
-
Filesize
2KB
MD555e2610a3577d59ead51b5301f6479e6
SHA1b50853bcbba752a9413b78a8d8d8681bf089e71d
SHA256ad9c04880dbfd8acbdb92cfbda41e73b5fbe0294cc528969449c8fa05192eba8
SHA51209817696c15c7e40ea63bce5ce6114a5a377533f5234b2736d6fb0df83f161947eafd958aff8a8cd5e44674ee3801ede9c9534663eef04dbbced63e7df0ab13f
-
Filesize
1KB
MD566b1dd52c8ed89494200d0e4e0220e7b
SHA110451b2cb30ab8e2d3fdbcaabdb60901ed2ffc84
SHA256417cf80f4adf68153168863f0e1a9e4d38f27163db85850fd37398ce26a85551
SHA512b1644e36e9afd704518a65773045ea0ba2b7fc0fb7be003603cacd0c1c092d2bebb32309566274112bf88b3a9bac3e99f0329b257082ba381e2e5a827c758187
-
Filesize
1KB
MD5e90b96822c9d448b531f42389a8302b3
SHA1d767d4717b7d269bf9f465dfd551a8a610279334
SHA25604b3503497d959ca4fe98808be2489b96dd3e7438430660618e3b9ea671526c0
SHA5128ad38e99f94c32a31cc6c3acc7daf90dfc8bdecf4f00b67c699f30faf3f9850439f42337445158a820ea8b0ff4874ebc2f3a6e640ca360160f43fb52bcaf07bd
-
Filesize
6KB
MD56ea967d74f1562e82d251a7a8f4341c5
SHA189f5401ea44e93af09132b370a983efe51566dbf
SHA2560e36f94be0f6898f6de1952a5e112132dce355b1fd6e6bedbe3d5ca437eaa719
SHA512b51766213839a8b7cc52556299bd81a81acf7e0a3573941945349933a35a8c6e46ef81ee95ba2ff5bac760947c7b83076030636068165991c24e98ddc8d82b8c
-
Filesize
1KB
MD5f1d676470f5991f0357c4c372017f220
SHA1c4d398bc3ed5cc5119c36464e036637aa6ce36ed
SHA256df156bef00ad89a6983e6cd03cf4735fd2c05d33ea6bc2d7f938729454198233
SHA512b752ef66355f52db868421bbdd4530e591563c71ec46536d391a71d778a0f8ec5e4152cacf586cdf1f1f2aa31140a7a0464080edeb6c5583b9aaf809a417aa46
-
Filesize
537B
MD5680550a88796f3cf237a2934ac76362f
SHA159888b09bfe44e6b87521c8bb181a4d2f886df92
SHA256de283985dc7dacbdbb977c29dea97a10d0c0ff33fa28c5cca262771b84805399
SHA51260003cd72907436b6ed84c804c19622659f1bc24236c055ac796e586730a7835064849350e9993f3a9ce5280b76459d805a4f2ecb31aff92527e5a5107ae1287
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
17KB
MD59d94395346f6683bb6b116c66d2b643f
SHA162e3103ae9b8d5eca5b64a2feb18d77ce925c864
SHA2568eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982
SHA5127eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349
-
Filesize
11KB
MD5217598afebc17dda16b91caaf50cd0f3
SHA1c5a3053968b8afe59a22b59de956c8b41e5fc0ef
SHA2563acb7dda6f4a008e916b344ebb73779ad3ec10e3c7ae9e9bb5fc9b8613bc4d69
SHA512bbae89f6cf2bfd3970a4aa9f3e53c1a9a97caaac65c9c5621b424e10822926c7a08651c54947e0a449e8060fdad9f2493baffb715325295c5535af22e858b2f8
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84