Analysis

max time kernel: 497s
max time network: 496s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2024, 02:13

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://Google.com
Resource: win10v2004-20240802-en

General

Target: http://Google.com
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  3880  msedge.exe (x2)
  4552  msedge.exe (x2)
  4968  identity_helper.exe (x2)
  4160  msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  pid   process
  4552  msedge.exe (x22)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                          pid   process
  Token: 33                            2188  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    2188  AUDIODG.EXE

Suspicious use of FindShellTrayWindow (58 IoCs)
  pid   process
  4552  msedge.exe (x58)

Suspicious use of SendNotifyMessage (56 IoCs)
  pid   process
  4552  msedge.exe (x56)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   process     procid_target
  PID 4552 wrote to memory of 2560  4552  msedge.exe  81   (x2)
  PID 4552 wrote to memory of 924   4552  msedge.exe  83   (x40)
  PID 4552 wrote to memory of 3880  4552  msedge.exe  84   (x2)
  PID 4552 wrote to memory of 2940  4552  msedge.exe  85   (x20)
Processes

[1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
    PID: 4552
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d6646f8,0x7ff84d664708,0x7ff84d664718
        PID: 2560

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        PID: 924

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
        PID: 3880
        - Suspicious behavior: EnumeratesProcesses

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
        PID: 2940

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        PID: 4104

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        PID: 768

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        PID: 384

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        PID: 1156

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        PID: 4968
        - Suspicious behavior: EnumeratesProcesses

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
        PID: 4516

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
        PID: 4944

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        PID: 4480

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
        PID: 1832

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
        PID: 2660

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
        PID: 4784

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
        PID: 5044

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
        PID: 716

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
        PID: 1716

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
        PID: 4876

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        PID: 4084

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
        PID: 3136

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3536 /prefetch:8
        PID: 2876

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 /prefetch:2
        PID: 4160
        - Suspicious behavior: EnumeratesProcesses

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
        PID: 1952

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
        PID: 4792

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
        PID: 3528

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        PID: 1116

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
        PID: 468

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
        PID: 3516

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9272348639168104413,4011512481527727915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        PID: 3188

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3916

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 380

[1] C:\Windows\system32\AUDIODG.EXE 0x478 0x4a8
    PID: 2188
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: e4f80e7950cbd3bb11257d2000cb885e
SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize: 152B
MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7abd6689-50a5-4da9-bafe-6f2aa10bf27d.tmp
Filesize: 1KB
MD5: baedc6caea4e02bd2a805c71c3363130
SHA1: 1a9d70bd0a6319dfb6a35f0e3920d1d4eb96f011
SHA256: eb613d3d196418418a84fff06766006e0af564e03b42cf2393f59be62a2d9ef8
SHA512: 8d17a820e8752de8c07a985ea744b0683b43c134d60faabdbdd57f1349007fb48aa05639809f9e032dbb32742ea889e90e190f65023f01120ccd4b08c092f923

Filesize: 209KB
MD5: 3e552d017d45f8fd93b94cfc86f842f2
SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Filesize: 42KB
MD5: f934b8651447a6a76ca8b68ea6eb40ad
SHA1: 5bda83811706c7595b7d15e6cecec56d7b20485b
SHA256: f6011a9da52adc6991e8b2d68ee56cebbf71ae04fe6945d30c1fbb087e062134
SHA512: 1dcab4611b8d5cc4ff68fd0429f94668bf84d64da4a34200520cf6f40575a46722ade3d84039487c942096438b7eefc45bc2b4734ef055ff89ec39b1f1ac38e0

Filesize: 139KB
MD5: cfa9f685ec440d8bbfb8848e0c5815b1
SHA1: f9cfc26fb29ec38cb9c163c73b2ee27d3e4806d9
SHA256: 762843fe743d1eeba3bb3daf1c1e631f824a94c4f6c454a88ba805b59391b8bf
SHA512: ec836f2d647d84bcad717261a114f89144152082804ed476f581445efd316db993ab4fe3c4c2454cbc19c6fb1fa68fd1241ffdde21f7c0bbae1a19833c709457

Filesize: 20KB
MD5: 4daaccdb07866cc3fae3c4973a15b9c1
SHA1: 65b04d541fb34f97b958d0e68e31cf33c00eebcc
SHA256: f03f10bf6c4d2cd8faa43766f0ccfba78dabfde5c71cfee864af6c230dac8355
SHA512: 0d3144d273d7c84d78f29174f213864c84e8a9084994e25bca5dcd2327571a42078fbc6c050e74f8934b0e896c9ea7a71430eed5f3ebd122323280136d1183e0

Filesize: 911KB
MD5: 29a37a3aa77315c802d9676b2718ee06
SHA1: 59c3a509a85454c58701a1a838a6c603870382d0
SHA256: 17a5c9147011fb6969768d5f23aaac18d192b5abf90243877c55154889255758
SHA512: d8697897225c9a8535b19257a221e482c5d1d9418acc323433108edf4467057e43d8803b69a14124953a03ea8a427b7b158a44fbf5b5c77dae078943afe16a64

Filesize: 1024KB
MD5: 541b52f8df8a3df08f715d27c3656ff4
SHA1: 1bd6efae9fd4d98a754b112e7125352cace45000
SHA256: 028c7327da81c16d3a6a57aa82e54bc08404fc20c2ea660c1441dabe88c7b098
SHA512: be74a4e0e2d21cba10a0230fe161f3e65f97892bc904fdbe5a14db7922e4d4f9fec7e9b8c9ca3bda93d341f528ac15e5064f11bcdfccfa9211a4807486d3310b
File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 288B
MD5: 5b4a6d7d656895449fc97c8dd61fbfed
SHA1: e5fcb98ea3d4120f7dc11370f7ee135241a450cb
SHA256: ea8d92ad1a9e6aecd4512a7875e655ba35b8fad9eadba419fcdac78ff194e94b
SHA512: 20969d6b7237d80e2a73462fe6afd0836592f446ccd907fca43fe05f7c2ae904c9072306cd680bc218a35a2e1678299aca8f0f2ce38614902f7e60bbef42d833

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B
MD5: 8a9f6fa3c61970378a76787fa5bcc8c8
SHA1: fc37998561b498b91314aaebfefbadb3b7032390
SHA256: 867df02d420f2f62d4b1999e36a151213e62643c40652cbb2641c58229d79451
SHA512: 8e459c259667d2299145657aa810386a434f6e875b26b75d15d9394d69146cd78f562a7b0b53bdc3c8f387f4c05035246261461d01f3bc767ef4da93e7633c3e

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: a6eb68e2972cd792a87e9a9a28947db8
SHA1: 37fe6a666b36296df3909d57982017596cae6cc4
SHA256: 4b4b10476c8ad2c651dfc492715bdb63755167bda7c76f9fca21cb99706bd34b
SHA512: 2e35da417d4bc082afa7ba015cdd802ef451db6e157ad22d00204e0841cc333596372fb335ee8edfc337b5ab8a7c12b7bfca20ed1a8880d3cc0423f0308c40e0

Filesize: 1KB
MD5: 11a76b244608442ef577787bd84d13f9
SHA1: 4e5d894794193089ee9caab3518e10346d43d445
SHA256: 9f791bd79820367089c9254f50ca3cf52ff08a5901ec33344e1f2de2d61e1190
SHA512: cd12914455d9dfaba1176f8b57822d0324142c4a74eb05560a910bf8f677983d6c2b2aeeca3d2f6ea1054e92c088b0a39f78caf874e761e82a42a42b26ab132e

Filesize: 4KB
MD5: bbd19ff51299b8f9ee712e0947c34986
SHA1: adda17422add397547b6452fe383976d849222bc
SHA256: dab114a690718c11831359d1ad3491366a83299aec1f065a80ccfcaa714be4b3
SHA512: 9f125d6da98e51e81e102419a06b1eeb36512bc5dd61e67be6300b0232f246094b52dd0e28e5c9e6d085d4b63e7b0f6b33db7eba8165beed6b2d9a79b712beca

Filesize: 6KB
MD5: 50ec4cbb86b9273947e649347e2ea93c
SHA1: e98be7f2e40cbeb3069b497ad9fcceaee5938c5b
SHA256: 3c7924e261f813bc5cc187b214552fdfa6dc8a907783b9d53bd002548145cabf
SHA512: 35adb5a74b2cb0dcf8f87e0de20db793a48d50ac0942233473bbaaa5147e949d3f603377d9d8d573a193281b388ea88850df59f5930ca59ecbb6fe7ac687007a

Filesize: 7KB
MD5: 906a49aba2eeb8e9447ab167fb5785d5
SHA1: 3fed9cb293a3721050b7c1697991459362fb0bff
SHA256: d898f9d44a82564b95ebbbd27a0e36f38fcb9f9057179760c1590739d7879560
SHA512: 7b7e3d29ca8fb5b334c6448eabd5cd2a1e3c2d807f3d40ae8be864f01fa9ee441c6949e7848789b464e277dc9abc9f7ceae0669b66e970729cf6db3f190f3f33

Filesize: 8KB
MD5: 43b5faba28e5d646ab73a35796f858e6
SHA1: 159d7f0a52541f8eedd132b8be40a4d34c0d811a
SHA256: b76617a4ed1167d9d8e78f699354f1718df190b9d62b7942ca7283227e187de9
SHA512: 7f0500f5382350ccc47cbf7814083b6f4cb2621fa5ea2c02cf8397495d6112d30b76be8dbe23f0831c9019cae3e1e1e20cf6a17f5c55ac83b426d1816c69fa7d

Filesize: 7KB
MD5: 79e6346307a3d03798b8689368791f6c
SHA1: 00e17cb077f8c2db95469bcc03565da2cc431a4b
SHA256: 458e305e13a3680f46f59ed6e41906f58c586830ae8b804f999d9288ba73b83f
SHA512: a8f7621757e3038ac72cf49cade19f0595b0c2fe021bfe08717fb3d6d04f3aea26f97b3d16b1cdfc9709f100e0644be160be593b2b03818d09ffb30a2a16ca90

Filesize: 6KB
MD5: d971ed136e0be9674e2c41a089909eaf
SHA1: 3938440db1be54bddaed9588bccb996953ad698b
SHA256: d2866715290c2b118d47cd7c88f552d4e433a97e99201019dcfea6406ae24530
SHA512: 275bb86082546811c89223aab530c5b9678bc9422959b636d4b1eb191acd3e9b3663afc9ad4348c1b073ccd882810e0c8776ef06ad43dffc0b00faac61337349

Filesize: 7KB
MD5: 3aaacb87061d4d20e59a1f48749f9366
SHA1: 2f1200de32b5102c4fa9afa6623ce7a09531f51b
SHA256: 1919c570424ecda365612a7daaaab0b42a38161b69a9ca64ce3c6d9a52940463
SHA512: 5f2a8a058dde798583f1d97a562d5396fc6f7a5179158fa860d9c5a1df24028d750a7ea21865dc445dda3a645bbefc92920316ea08bc89791c302acf14ca25a1
Filesize: 8KB
MD5: 785bab5abccd98b74e2101f2c90a3433
SHA1: da979c4479dbaff830f247df96da666793aa400d
SHA256: 31db7755a5261822f4b486fbcfc1e25c4823d14cd600410a97cb60fccb456620
SHA512: b6eb729a2e152af7bedafeaa936b1dacc6a04b4186149f95a04bacb8504a728fd99a5fd1a53fac8d99bd29b5c4e12f3f71669ed62e391a20edf6a4c544672fb1

Filesize: 1KB
MD5: f6b0c7cd9263831ff49f18aff6fe0cb2
SHA1: 473df96f8db4b9efd81e42370ad92f1b2b1c67d7
SHA256: 8b0738b5ca3c34687dbd13754c573d3fc3ac5cacf4ee43b7172ea419814dcfa1
SHA512: d116d7320dbee9106ca8ec21ba987d1f18776a5e3c56be036176a6d7c19678d29813adf331bc0cf619161493c72cd77830bd8902f433e9b30e15abcd7440f252

Filesize: 1KB
MD5: 2b1fffd881655b5a04559e46f33b4255
SHA1: e932cb0124751a9bf358885eb0f3166c9c939bba
SHA256: dc0792762e3cfe0469b4141f8f035919cf03385c1c953f3464872bdf2a17439b
SHA512: e6fe64ef71587c7194357945a78b357527eb8f35a5d0a69d10b323fc0a1f4eecb9c0582a2fb5c44d60f8bf49cc2451baf1ae256a22d2d716f0a53945a7a754f8

Filesize: 538B
MD5: 0ecd975b4913619c6210232c9b8c0cc0
SHA1: c0becc0c5641c04f2c9f186c182dc465c4cebd60
SHA256: 7e7e2f45bedeb21fff78dfd8750b5c10409b9e566ee1cbaebc79b51c8c445d1e
SHA512: 135cc69feff827ea8380d0869d4704edb7ad2cd3864b5c740982fc327d94e029d04bad1d0873d2d0e17d4a9771b4dc6d40b5dd45b626f84a76fd6e6f72865d8f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff385a60-a7fd-4ada-8eff-62c7b159d457.tmp
Filesize: 536B
MD5: 57de5b0967b37ef2bdcabba2bdb2c9c8
SHA1: 076389830e31f87361cb3e1bda611041585221e1
SHA256: 3d6ca828f25101584dd573ad1cb3adc2cbb650cc1a279dcdd5d4b330c7a7e08a
SHA512: 8ed9289530c3c0a3e12c6adfac81b2cc2e0cd369862aa4a1439a62810c5bec8be57b469c8048f7585eef30a6c8ab04135896f4955fac6172c374d02c4be3b601

Filesize: 10KB
MD5: d64cef843a1c9543bdb3c7f6287fa6b5
SHA1: 7e7ed8b667b739dac95fd077e68ce454bfa083c1
SHA256: f44e84fae8eff57ac258819055b01419c887b6c81665982f40e14f6af45dda0a
SHA512: 6cc9777aa9a728fd88f9008337fc893a30935af737bec9290b2942e9daa7a0c3dff066075047eb23a4a4695dfd569d9744eb82bf9ae6a9b24ce89ec5e90020e8

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 10KB
MD5: f305bf68f4a4088a852df9529eb8065f
SHA1: f8f2c566a2c93746f27863f3177c16e6af8d042d
SHA256: 5e9db81aaceb8b977a83c2ac4e180962b975b2971d7933bc35a28b151b79e1fd
SHA512: 2fc1e0b407d553fd7372c78085901eb6a0e6dc7032b9fc2792302521c26a0b17df067795e94c9d099718ba14ed4cb77749542b5ca48a826a2df5f27556736000

File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 8KB
MD5: 5e51cf18819eabdea6494a2a536f3d38
SHA1: 7b0108b36965ba9d9d356855421c319c07de76ee
SHA256: d24f137341c4c02d1def1982f284bef184f269dd7b06fdddd4c8bff99d10c545
SHA512: c8ae0b579d9848565e22d20da9ff792379385862d232a53a21203a537452a0c02727de45be1d906c99dea95ea2d7ff40ede56b8fd6e8ffbe5be660206e6b6101

File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 10KB
MD5: 9a104a79fa2fede113929e3fa5f43929
SHA1: c65241e9aa4c7b081e9ad2df26f4ab79935c4bec
SHA256: a988294baa4ef1e2d2790fbc4548acfc18a19844f9f0b2bdde33ead5307444c8
SHA512: fa9136d6d067c0ff4e3bb1da4a272c6119239c3b9c4de801d3abd2d340acecd53f7519d08e68ef26d66b086ee76186fa1fbf76ef7cbafbc852b93d93c10eba8f