hxxps://github[.]com/viperize/Discord-Username-Tools

Resubmissions

03/08/2024, 02:22

240803-ctzqdszepk 6

11/07/2024, 21:15

240711-z39y2svakr 6

11/07/2024, 03:25

240711-dymgaswglq 8

Analysis

max time kernel
1796s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 21:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/viperize/Discord-Username-Tools

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
39	camo.githubusercontent.com
40	camo.githubusercontent.com
60	discord.com
63	discord.com
64	discord.com
233	discord.com
234	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-701583114-2636601053-947405450-1000\{C9691A70-7CA4-4B95-ABFC-A6E1DCE06B55}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
1128	msedge.exe
1128	msedge.exe
2816	msedge.exe
2816	msedge.exe
856	identity_helper.exe
856	identity_helper.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	636	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2400	1128	msedge.exe	84
PID 1128 wrote to memory of 2400	1128	msedge.exe	84
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 2376	1128	msedge.exe	85
PID 1128 wrote to memory of 4212	1128	msedge.exe	86
PID 1128 wrote to memory of 4212	1128	msedge.exe	86
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87
PID 1128 wrote to memory of 2572	1128	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/viperize/Discord-Username-Tools
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdccaf46f8,0x7ffdccaf4708,0x7ffdccaf4718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12975210255554247592,13623311382349480873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
107KB

MD5
dc824de5f286021352610b6536bc870c

SHA1
92c83c89de52a99bef3bea06c3fdb40867bd83dd

SHA256
868c8af154d0dfcd7dac2096c828702ba3ea608f0ced786334ffa146bd097da9

SHA512
7d7ee59c28c89af0dd598d6aed62cb446b92783ebc133276b4985e3208d672c023169e8e99f8c22cc72bf94cf2c107551fd5a8b491eab6382dcddc3d59ca070d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c98871b961ea6d4305dee82db9590ea5

SHA1
593c7963316e67127facadc40828ac442d4a1305

SHA256
50f0279e2c7b113bea6fab0ae4274f5d950582ec0da5e4283d630dc0156e3823

SHA512
0aeb65163b8e18d5163719bdc855daa06ca92c3bd9b78f7a17e3f5dfb067a93d8a100fa280256a9b7fd0a2dc44703ac14be807a4cd5ef704651f7f8c396cdf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
699685c805dfff64e331c50183d46df3

SHA1
55af97a5bf7cc3cf86d86345e7ce6fe4658f2e0c

SHA256
0ce59eadff3c0490e61531b8531ba2585f8ef63a8725cb36e003e06cdae4df31

SHA512
17d59ea09ffb10c526217f5db5dbeb23da7da225b7d6bcf15283f6d0c6d6671193ce9fc9d109b9518958c48c501d8bae070dcc126dd5a9c36d764cab18811bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c1aca00e7fca74d19da82c3c64c432aa

SHA1
0c38a1b239183d84fd74829d1a0d2c1ee29844d3

SHA256
261e2585bbe602181057362e9e728c0a436b23b4db6b139ee007ea2eee017081

SHA512
6155029553da4a4cb10106313a8dd59bca7e7684cbfa909b189c8377c88f548be35efcead3f0bea1463190da64ce507f87783392f6bcd5002abe149a90f5e61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
d4b726f208c325816f9cd372b5a046a3

SHA1
06e903cb4c0e897b9f3a19ff1746344a5a81b276

SHA256
c96c359d87a57372f899d1d49297973cc01591a7affbdb8af7ecb3b73bd76666

SHA512
e69e59d574ab603648f571f2360c27b473afde07b069d314b776a7d80273744b9db6c4cdf2be58aa632f1c8e49ae6bdf4298a3a9a0b653e36583225d6d0b9a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45a9ff9137a902cd45644328851d2557

SHA1
e9748aab91c6f661c106f3e63dc9a119af2b92fc

SHA256
7a64c53763aba4b6f3dc63b422b7d8f8b43c0877a9d963d1cb07c2f3923d993c

SHA512
958fc1bede7dbe1c42391757d6d1029720bfefc1cff6d3081d91da42c464d27191b6127b1727e06fd2156f514ca2e225e086e0a879c310ea633f81c455a27342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e004c3e415afa9247bf61abd20261f65

SHA1
bfa4ba0020d6b884c0f7164ba67ce25769a5348c

SHA256
2cc503ebd57e39edf2434439f3f1e8d64489b34193488f8241652d943d910776

SHA512
c15b0adc35e4ab4067a828b29e7c400a31d7d140ca10c1427eae226c7b3b0f2c732e2e6c32c4ac063b91310f6e3e28b79a1422ae0443600c1217f261a97f3885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c4b15d83c04dc79ec1dc3ea648b96c70

SHA1
b1dde438f029f47d3e6cf978ff6746740bb7e3f4

SHA256
5b4d049d6f362b486e549735597b86a7590cbcae9f5c062ba9abc9b5acfefec9

SHA512
58b738544503059a659771c332966ba8c7a8750508d04d8709e632e0197f2c3a6835ab8de2f161d072858cca7748f66f517beb9f6817ebc40ab1c13423b9e758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
701dc7fb57a1c578ef4d82186f61ce72

SHA1
c6bddc153ab0c78a4e757f15b56b8dacefa8a2b1

SHA256
31be1dc1abda441918eb6eae0dc65a2928b43306a8ca79a192d554699c4f5b1a

SHA512
2522382acf0f09ba4cd85b4a141c3793a9b7e64ae5dcbcb0fd6babe88fd88606a045888e67b9d44fe6c0340e88ee4c03abc258e69d87675b2ac226b6663992ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f55a4f75521966b8ea099bb7280e8425

SHA1
24c67609acadeb32a523a45bfe89864453318886

SHA256
b16fc42c30e1075f908d8232dd9222ae51269247db1fa9b88472cccca7277ce3

SHA512
aa65b878368a01f49877d47b4baba493c5b33fb11551c7886a20c28ec38f0b0303f1f6909a98192c27544578f061b5813f6c04679007349fc91a8d90338c0eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
130f532878acb4674ab508e14a58af0f

SHA1
2c9af0b1be2616dc76f4ce3e3964fc7cec58c07e

SHA256
1a842114d83311fdb9bc9564812c902f482f7e721692a5b14a27e9dcb52010d4

SHA512
b6fed1127241551e4f36e30cc3fc587cd42fc9bca2170af29139b1d8819ab29bb2294e7a2b31306c6e389e31fbae8303bb12b45a58a5293f696e02d862890f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ea2a0fa9e9f2cef82ba358f580e441e

SHA1
6179703086d2767dbb9d42aad396e2f0ba114f12

SHA256
a153daa079c052155835ec30d345f168ba9251bca12ec6c8c6c1be6a927cfad6

SHA512
17fa8fd7da574e8f0311211372e6343cf326d825027ef389636b33fca6ebfa558976a7adde3c5634b6e77db3a57741c0c1f392db867ad11fcb79612f1b833ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1d0920001905fc735a4d59f552a2b228

SHA1
adfd35f8bd60b980c0c640dc2b4a19fbfe19838c

SHA256
5d33b6b64e1f967b127fdb1806257578cdbe839d8c209b3191c7c666d07812d1

SHA512
be6e873e3271164239785a3f0675636e47167f3367f69761a5f5812ab84140173185e8e9dd5688b047fa48f8024a8de785b41816a318a8cd33358240e99c3f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bce06a496f580dd509de81f594a7064

SHA1
67e6b5470187d9995ac7e6f6866713a2ffb721a9

SHA256
c8c9e9a1ef8836f9d08e447140df5b62a33e273e9e2423f0cd0792d8b432af65

SHA512
e4d2ba0fc0155005d5954e19dc90a03d143a1d571adfa47246f4f78126c9e32727faa48ab00471463c7499d0a512da3e7755eecb09600c1988ffcddb43b0dfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c498c2a0a5ee5ccce3f2afd0602d251

SHA1
b8c21f135f5c09e79f5693028e9bb76f7ac996f8

SHA256
c3af1b676a261d4c69f2efd5c55f1010ed6e9e4e53b2eb0f48a807c44794e6a9

SHA512
f28d55e8451da7cacb64d75897ed701af33ed6fb215f90cc680fb14c3a8500b5b654ee9a0547e7992a11d398dd4edf3f3d511746ce84eea729f3d0e94c07b48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7559c7165ec4c9590318ec62751bb0f

SHA1
408ce2eab38f85c3e3d09359478c3bb88d92ef3a

SHA256
4c5e780264e92026f566edfc37aae939de5289ddeac7eac70ad42887c04b7476

SHA512
8c2f1648f109842a8b99d633e69c0ebe0ea85b5405aea0a21bb84b812072bee5b0b235c98ca6050f92abb80dec1675270d439a854bc83a5ca0d7ed11e3b03c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
11d53f1004a570801dbfa92fc1e33a9e

SHA1
a44291d8df015018aa87e9d9978d3527e560a1f7

SHA256
7961bb50887b2c54f576faebd205a3ecc2667985c22bb37705e16512b1a3bd71

SHA512
8b99de4ade85119e88d1f19fdf3e07e147618e8128412fc2c05bd1ef44c81b1fdd13f047c34c13a69a43d521ac307e5853919a93cab924b2a45832f805d96c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8438053701d506ecea14944173ad3ea8

SHA1
9e289207e432cfa67c5429ec2a310673a5c5d60a

SHA256
e9a3d2ba49af0dbc6e78972cfa993656598985802197d1b8ed507e77d3c285fc

SHA512
d5c949723f92b2efeafa95c1e3c333f8484d0f4fdcba9b7507cec7eb6c1c30ea9a0b47eaf768e026d97aacfc62ef2b25f46043b39db491f9b2c1d91117c4e717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
54de91a628c4d557535f471ae30fdf59

SHA1
fc8e48d15d05a97d47aabb6f5e61e6f1a5e1bab0

SHA256
9c271e215470fcebc1b2074f91d765a2695667cca95da617bbd424c801366d76

SHA512
4f4b509566182859c8d49007c0e1fe07cf7a986d3a95833b730fd4b3de02f97722431345013cae05c4a6e3b4faf3c3e724ab34a31328f10d0b07c72ab9d1297b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ab7fdca4f2e666f03e08c2b771b290b0

SHA1
7b603ce6c22dca1a26234ce7b525d15a0501d58f

SHA256
d4d7ba292399832fe20bd223fff771e93b87c9075598d843a06d94fe8ab94f6a

SHA512
3407de62041ff4f585559a4f8788d0592effed7b160d484a681dfac3409a8f9fd160f3260abc880271a59734140f785a1abfae926a6dcca2a3376390bc494c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
476c8f88d7912c1e9031c143e7ec78a8

SHA1
38704ec7cbe260e889de2552160b7d2c6853fe24

SHA256
7db176046f92bf6dd61da5d72ac199cb8c28f05a85e662fa803bf3af2c480791

SHA512
18fda366526af54575bb1eeb262c6040fa392f4215aa694f9d5a91de0e115bd8b581f42ca9f351e1f79eb7c8f9ab633d4bc42ef80d68612db0c4e96d6f52a619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dd3dc163c7f10e393ed72f86ceb5f09c

SHA1
a240e3853e6f30691871fcb78fc184cd0cda1aaf

SHA256
4f9e57c0d1ace41c11674c9fe0ce9aa66657cc26520d98d6531b6ec3ef22f525

SHA512
1eb9d748838839173b44919c17c7191e90542ae2e59c77d6cbd0feb8d0b49f9d858cfb3749579780dee0fca028f544b8ce93f4e805db10d582ff4ca59f252cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
099c6e0b2d44199f3163c9c77db76325

SHA1
2c82df9e57383fc8f4d6334f393147578b90f9d8

SHA256
f47d739dfc3a602d0fd7e12eb9248974a79934d61f79ec6d252b1a9262bb127f

SHA512
e04edfd5aaf2d6418b129a347565de148e30ba283a0af792eec08e535726f294b8c0732c3a893fa88d093dd1be0370134be62ec43395538ec7535a96d05dba5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ec7f17c77cc5e4bdcedae22e91fbf588

SHA1
0dd2b94874af7f7b2bfed7ee3506cb7fb44f2671

SHA256
1b21a88d98a85f9249013a03daa6e1d2b01aa5ce850b7b0bd0f19323934c79df

SHA512
64fe424f4ad89916636e024d114ad771f5e9acfd5341449f6bd123e913047f7875dda48f00e4c94d769af13c6e096320a0d4d66a7d79c84b5f06f42995363f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
311c8ca68b00f9985eeee5ea404dcaab

SHA1
bd72e4960c5c3ec93d03739e4da4376997305364

SHA256
d62330e0a8c040fa75d3f42f80d2e94c90e53e876acd00ebfe516e1fbf870857

SHA512
9b27b16306c6fa1135f714ff06ab0eedb7a2050855d4af14e43fc8d3ac312721d6d6b3aa72863a40b9c6389398ffc831c1ed2dd4fd4ea5b5216382d9b5d2ee0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
18e651bb524d5dbdfcba43fbe4b5090c

SHA1
ba1f32aa762f62dbedddebbcf8f9e7e83e593e90

SHA256
96f4af77b601ecf11d5dc380507a58d044edeb64d6c43e62db0039b5f34d9782

SHA512
2f62b227270c6f23e69281b0c11c0db4d7d8ce12be1a324e1e80500791e990a4606e25b4ba03afad1c33b383b62c42ded501ab741c0caa02a38c2089d2d4d6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f86eec881dd3e5280e0a0363d2131838

SHA1
a7e61a1dca6e4117f192b9b4bb9310e044dc7d2c

SHA256
8d621cb985395f100c328cc62135d091434d63edd9ef9067ee711c6e3e06fd74

SHA512
031fc101e8e39f17306f3c9e36fa783e3f186c5504cbf715505bf6fb7f500a0ee7d07da7c3819ab52d88a1893715572bc37538b10e25cf06dabc845976f475f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e8af2c01e1a46d9fc8ff08a0cdf312da

SHA1
6b8cb3029f5a3cdbc7b0e3ac2b66745d2f308ccd

SHA256
04202aa1717f0148351cfc331bc9633523f0c9f4c9fc66b089836391f4b43491

SHA512
b4941e8b51433c507628788f7afb5601cb6e78a7ad1fa5246d2cd086c6151f23ebfb5b697340fad846a3ec2fd72c8231960748c9cbfed3f071c1f743efb0a574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f29e912057b7c22140007f0ae10dadb9

SHA1
ae1b1b96c20f7ecce590ddf13575e46f6c30ad16

SHA256
6eb069fe75d457579706a96e5774d35b2c711ecdef4e6097694ac1490d03fc8f

SHA512
54afe3ccddfd5590f3a8518232d22d080cb9b1b9943c39de66255ae62f66c479d372281c81e11c235849542166838cb44e76c54023edd962bd106c07cbcb4c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7179f3471568e32aa07d5c352833262

SHA1
8cb92daf193c8fb5013bcea716a296a8d8ef9a76

SHA256
ec32bb02af4537582303555f9e25907628990698befbbd3f53197103201e0782

SHA512
f543e449cf9efa0558151d7b092385b9ff4495fd18fb1fd893a326fdcad42fac004aa202840ab2a3ef714121f832e8292ffc627cb5d9a1929c8ddd07ef0370b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58002a.TMP

Filesize
705B

MD5
acee1e564984d71735461557cab768de

SHA1
4c2ec6ff2ae52ee688f066dd4fd93ccd968d2044

SHA256
571a75bce9aa0a68d264a4573a7295fb91d06dbb6f4d04c7e0f7d5a50324f726

SHA512
d178623ce9547eed26f2503d98547ee8ec71965c6ce637039f461f102fded05146deb22fe0171ef3596b62932081d61e3f2f10ecd32bb2e6bacce463363fc312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca797801d13f339e494d62a4aae4de3d

SHA1
21d43ec982327ed6cd3de9dd8e52b4c51960601d

SHA256
714c13309c62dd11bf4695ddbd272f802154988efae9054d0023e4171721ca20

SHA512
b0e08be2ebebfaf0fcd3e2a64626d76db829541e14337c13fe7d64bab314de35ad9b8df812e4a861219e1d6f7402539cf905e0f0bb3c1c2abaa6f29fe12ac775

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit