Analysis
-
max time kernel
59s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14/07/2024, 09:09
General
-
Target
http://twit
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://twit1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90f7746f8,0x7ff90f774708,0x7ff90f7747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5640 /prefetch:82⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4020 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6828 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=8336 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=10492 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2088,13514618990129707812,17681721370631907917,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=10716 /prefetch:62⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x424 0x4e41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CredentialUIBroker.exe"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CredentialUIBroker.exe"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bafce9e4c53a0cb85310891b6b21791b
SHA15d70027cc137a7cbb38f5801b15fd97b05e89ee2
SHA25671fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
SHA512c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c
-
Filesize
152B
MD5a499254d6b5d91f97eb7a86e5f8ca573
SHA103dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
SHA256fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
SHA512d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c
-
Filesize
101KB
MD53ec23b01cc3edcea7052b71e5228df44
SHA1aeb8bb91dd18b7f07d4920f5fe93443cfb561d6d
SHA2561a497a96e7f2c88accfb061212a6f43293fbcc127747aa2af55a8e8f58a95398
SHA512fa17866bc0a214015d1f00a0c630a012290a173d0dccb264d7a53039d355b1f6b686a1fd07f6ecbaefb701ce5908ce0bffde3b1fba2225133c1b49d673656c40
-
Filesize
1024KB
MD5ce63581c22743d353f85ad341f7e5c1f
SHA1440c5e5852c9a378552c06b2ffd2eca48ac11e47
SHA256158544fe70e8c07b6276fbbfa3ac3cf54e3c13fc322af0e0b7d3a466164bf8b6
SHA512250a9e8658e78ec6987cd897aaef2b124a6c8fcb332c13ec49e6a1a9f91418329f9ab59b48cceddcbb9a9f11f2c7ef0e08f0a7323059950d1e45670b13c120df
-
Filesize
1024KB
MD50d0963bff955238e744eab7d7f37af08
SHA173fb6ee2e072d2d89e8492c400e6dbf5924ee81e
SHA2562aaf4aea1844419e33dafc42cbab212dd3a5d5406db3fe2c2165627a8a75140e
SHA512d0632230c8aa4189199bf1bcef490d5f099501880f51667f51350c9adc1e8218cc1f4a481076030878f8a8b7d2af67ea529e7ff0af642371f7ea3263f9117dcb
-
Filesize
1024KB
MD538261b3a8aadac5d5073494c7e21b412
SHA1ecc7c6274aba2c55254da1c694aceb0928336d3a
SHA256553fb4518bcf1a43824481c4b04a2374fcba9d3775d60336afa91c52b707d82c
SHA512adfb4c99e9a2088ba99ccfafc5dea259a197f0a926eb7d10c83f31988b21459974504d787817f3078af276ebd56d1438e7f4aa7c1d604baa6ea6a01d30fae12c
-
Filesize
402KB
MD5a9c05573ac581d85342906373128eff2
SHA13b0252276eda6219f38da0d3c90dea44ad57410b
SHA2569348bed38e2bef153fc949c0f87c8937a7a324a2cbfae9dfb64f791e4df5fba2
SHA512767582207797269008810a2860de0ce0d94f58b1406bedec881f7994ffa117cfced7f99253218f31f1a39db8bca3a1527dbd2b53a0a04afb3e546f91483e3a9c
-
Filesize
168B
MD536570119c54ca603b8ce4d3926e41945
SHA1c10fec48651f85734e0ceaa61459f4bdf8664dac
SHA256713b40f453eaaa7cf00481df80cc286d18e6e193a08698bc66e2c9b919ede7f4
SHA51249970ac8c6486060839e0e853ce4a697c3274d751e64788339d4eeed96fb3c6a582a294729531e1dfb421ba8775497ba320fc08cd6768587f3dd67e98025d3bd
-
Filesize
2KB
MD5c0794e7d39d7d4b63855076cd13a467d
SHA13e6b880808879812a825cfdc69d80602594edfaa
SHA2566afb7e2c0d7cd736b64b2800baf3408f0f55dfe0e337c1a24b994925014d23bc
SHA51259285f878800bc105925229af88da0f8bb1a60111276ea57ef82ecc662ce883e0f60d84336f3276d79915b966b3b25dd2c14908e10532c43a79f00973713994f
-
Filesize
6KB
MD5abd9b1ac656e94f21fa77b8efaf27e69
SHA10393bec8f6d1824459fdbdddcae77e270e9fff3c
SHA2563fe5630a544d798ef4b2494181dbb870d17e115ad05057cb1ab80de02e0f873c
SHA512aae4d9a5a97391a2c2ebefa04fd1586cdb13c2087a7ac776162987a141f161eb05af1a23e9307d2c9fbe74386295a08a56a1a1bc06c815d89fb9e307c3da3720
-
Filesize
7KB
MD533366ce4cbbfffe9886fc781aaf11714
SHA12a98b5829ccc39de3b18d29dd28e9ea9077b6494
SHA256d2598afe051de85cbe9cbbbbe5a58b631cf74c3b4fe2730ede598668551c0595
SHA5126770b73d8f5b95c5b39a58b8a486cb2c492671c4a99a539e0ec3d01600cf5a4f9c61bf813df03ecd9626bb486f57798da0e7dff944efe0ced7266def7f3f3bdd
-
Filesize
9KB
MD54f1fcf177d5914c6fc17a71318c4fb34
SHA1580ec21a15eebf81fe89acc22add27950a76c094
SHA256fe2333a0197a9b044e4c2811531e0cb020b9fad680e75f812cc7d347da923c85
SHA512d0d96b641fca666ad0982d64325111dd7836bb2be3150180b4a5eeb329a946093f20af8c25cc3fe504fa340e2dcaca524569bd61084b51d7976b20e8b5a62947
-
Filesize
6KB
MD5b61971a2ee3fe46f5b041953d06aee7c
SHA123e6be8d6d719c09d635219b0765035d826349e8
SHA256fdcfae00429f6736f4f3036ffb8b79d0ca4bd059f32a4edf1be29de5f4ec29a0
SHA51282cb4a96e6b9e9c4ff2acd704eabe85baa2d39e024353453811a2f0e4fd0a191afd3faec26399e4ff37abd3a4031982c911397e79e6e2271609ec9c24675ae0b
-
Filesize
6KB
MD5dafddc3bf6a27ba291eecd1013a43a7d
SHA15c653a1f53162caa88b54dff143a9008c6301b59
SHA256f37b78f7526ce7c92efe7eec21c1c5bb9d84ad46a39b0584277341787e66e60c
SHA51209c42f9ee813ae76ef8c76ef0d5b430fe2b1b8fb31671b69da95ae0b9b8e224283261ec9e49191ba19b55d004ca583e8cba3aae526df9f7a9940be27af8d0be2
-
Filesize
9KB
MD54c3342b3995d1be1200dd04a1a4f8de8
SHA1547147787bb6ed15823a25cc7c656af7ecb98ff4
SHA25637612c1dfcff6968e4e4a70b1f69cfe46c8e566eefee06839a1e74ac6b01e414
SHA512bd0e15b3fdc10fc3d77193ba4c4a33b6f5062e0da9ccbde6b44a3ca1151194339e72822731b93fda35b649668fbb36974059e4e9452d3242c281dcebd8e50520
-
Filesize
9KB
MD5fd789f5b6574d4a1ac9b21166386b844
SHA1af284038a4fa5cfe5f597bbb9b5480eea381bcdb
SHA2568144aef8c0b56c99e07fc8808c587b5e51b1bf591fae82db031faaf652c7ce68
SHA5121de5bbc2a6eaaf0a02ef32bb4a89be355d1ae9534e9231cf3ec6d6cdd3c5a2b6a5964ee99e541e412397c6dcc5148d325e473729ceef1121b57ad7d68a026c41
-
Filesize
9KB
MD5d8c0500bb6ab62e752b0ef245fc4cc51
SHA1bfd9845b0b1640ff5a14aa95d7ec4c63464824c3
SHA256b9fb4558309abe447a3246bfe6faceca101355fb165329b4b86ca61db39529d0
SHA512f997cd448a74214e8a82b19b2aedbdf83581131fc8f3e99225b74efd39edfb29273464960d674f5adb79669af9cc471367f00b125dd371ee35e99c6fccea3d96
-
Filesize
9KB
MD5108689f1c880b2378047689cc34af60d
SHA13632bb3b3b09b62f38ec58a3245fb5c397bf8bd4
SHA25618bfb8055a7cebde4fe81bc57499cc5681d421597838ed0c2a18dbfb574b274b
SHA51277571691948e48ae6c6a003804a5b09602654b79f806871cd105026683fc9abdccfbc324d05fef6838062e6c678b36c16bd5629d8f961aac9f8e7afddf51b7d0
-
Filesize
3KB
MD57b958880eedb867fb3f0b913da724b53
SHA1cca048c943f96d5f2356742d6a41154784e1c633
SHA256a1abdf3b35976424171a9a213dde731e0d7417bbb543b6111f30549e59b9b15a
SHA5128d14282905cc711516f94313b7dc64201a03d72fb7c2bd71fbe68f6fe1488547364dd952c5841b30915998a26d0859fe08f53e92cda7ca0eab654de3a9aff789
-
Filesize
3KB
MD594d491353b7011061543b72da4d45310
SHA1e805629bf1d65d67c7637c49bd207f2d55b57de1
SHA25636fc582f025069a58c877484cd41678133e5422b23e758275f9c17d94ba6a3c7
SHA5122a23a239ca625beb6aba2731b553634dcafa6b0d9306f1bbe2601f4bc18e38ff9f88de1db716ecb9b82179e95bf237db4ee798cd183c24fdce59522f39b44ac3
-
Filesize
538B
MD55d88e1d7eb71e1c42198c0f8c766b6d4
SHA163e503985d9035604512f742bdad97868eccf185
SHA256060936a9085069cbc06e8b6eacf060efe21aa7524d0148b62d2cb8f6eb8321f4
SHA5123d340172cf021b0b77d1db083494e20e2d384d31d15d97c4bcd9617a6be48a37e88a963e94b3132fcf40d2d2c035a0becb2ca0fc4a5ef94a95a1ca15a57f6d58
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5ffb3ed03c838e09ca68518b09fe7c87c
SHA11ae377c521c6805ca313ea48d4166a1c115b159f
SHA2562f0fc16aa06af8da980440bc296de1e841926b86bda35720809fb877e18d198c
SHA51256e1d6beae314bbe03d781959789c2212938c7f6b9024a91c0547973c0d9016857515d99ea40897eb5468093d6cd5f99b41d9d3839092b96a55e09b43f0aa9af
-
Filesize
1019KB
MD543b7d00d896163d58530c4d28ed0bcc8
SHA1f26617e69b227b8a005fe47c4ec8d0e3e0343945
SHA256811f499c7f4136351c3f38fd9ce9172f65e875f50c50fe9f05f20be9ca4a7c6c
SHA5129ef73895f99c39765acac64844a83d5d8131edfd884db66564e5741c54e53d5f1199655e1201a8634be7304c1ed675aabe10993f9b15e7741af4b9710a65f680
-
Filesize
143KB
MD53002d33b104a05063cb546d772150a7c
SHA1426d180d2fe7d775792f40bccf3fedf2a8c10bde
SHA2560d96d32736081ecad972c12e8bd9db8b217c143ba1afd5d6b474bf2ae8db9c93
SHA512ce5c27186273c0271ed4f2f29012ec40cf1d6f5b6bb0a67027154197acb25bcbbad55f3afdf2338901f6a234e57e9ebb0f562fc057ff3af423b3b00f72f77e99
