hxxp://google[.]com

Resubmissions

07/08/2024, 01:49

240807-b8qklaxejl 3

07/08/2024, 01:15

240807-bmjvxszeqc 3

Analysis

max time kernel
1680s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{550ED539-E8B1-486E-B093-108759AA45F9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
3472	msedge.exe
3472	msedge.exe
1700	identity_helper.exe
1700	identity_helper.exe
3668	msedge.exe
3668	msedge.exe
476	msedge.exe
476	msedge.exe
476	msedge.exe
476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4864	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 560	3472	msedge.exe	83
PID 3472 wrote to memory of 560	3472	msedge.exe	83
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 920	3472	msedge.exe	84
PID 3472 wrote to memory of 4720	3472	msedge.exe	85
PID 3472 wrote to memory of 4720	3472	msedge.exe	85
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86
PID 3472 wrote to memory of 872	3472	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4042965518930554641,3285967506483628311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x34c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
1024KB

MD5
1114ce634017135c2d8b1f3f37e28972

SHA1
9f1680f5afee270c060fef0bdf03e5dc9d783393

SHA256
26ff19e95e5a528c6f8f3a79a631701968a23f1ada10276be0a9a401d8f027bb

SHA512
0870c9126a78395db1f4c85937301e2095556bb5cf8b36571d45729145f84d7059fb78235735b042060800185f7cc9a043be47ebacdbc51184acaae517a5fd8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
990KB

MD5
44a4109232ca7cc829ab1ad8ac1b191e

SHA1
4f2ac57dfec46d0325d86c115e8583445501b4b7

SHA256
75354f3fa8abf7867db04e5e3e946d6df8ffca2dede8b237e5ef1d194018217e

SHA512
c4b003bf88edc81099159314463f65d31dc0fff98e81df54713c82e94564eb98ba74f98d39b2606db36c9ba9edf8f824c8ffc52a943ebdeab1ee2b61235f7c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
1024KB

MD5
170d7e62cacc6117a78c59b4bfcd8c9b

SHA1
4f64479771f0ed9a61e92194f7153bd23d4a29e6

SHA256
7b1855cf3881cf128042c43aa2d7da11338792cda3f0ea5fd6899f26f64a759a

SHA512
7b3c03486ecbba4036995e0b9a769f8808535cb2728d5d65bd41ac694999dc6c7d76c24fb3d64ee60e7eed59f8121f80ace43231f621f3b1c8aef7618a531721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
1024KB

MD5
ce48a9d7a84b840582269fed9953affd

SHA1
1bcf2369a0df7404073f987a5f0db7704c538b28

SHA256
37ee58f398fe0e78a9c8d7144ec8cc9410f74514b27b31aa57f17c94cd705c2b

SHA512
1aa92b5ac09da99e5404068287d672e49d45ac5205a7c12e4e13821bcce0a4d86651496ccc883df1a790517ad746f68eeebbdb2541a22b8bb3d29f9b1aa1689b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

Filesize
23KB

MD5
765c5a45a17f2fcd66704c272ad069a8

SHA1
54daf6e0352b23bb0ac89d7f0ece548a2ffd9daa

SHA256
b6c2477ff4b8957ac40a0e60ff96ab25dc9ddb22c5a5a3a47a478b16272d706f

SHA512
10ced315a959e4de0a70b97d94c606db69c9e7a1389201fc69bced0580914a39b06e8d3d6f14f06d36e1eee06b46dd874b9cc6dc658041b25bb78504daa040ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
1024KB

MD5
cf593f23709bc4651822eb7fcf50ddce

SHA1
8dfb876640872037dd88d6c63f4b312165aa42e3

SHA256
3a01a2a1852c9fa0f157bafb519a9d09c557e94301b4c2dbf37f689112a93b08

SHA512
f1378b06fd46b602dee030566d2894dc0276a62cfc577d6e72297a860443e651e356f831d75bde2bbc27535110cfb9f502e242cda6d5f429734dddd9329a67fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5

Filesize
832KB

MD5
bd0525350f2857cd189fd7775eb92768

SHA1
66f59d33f2b1bde108eec58140ffe2f025252756

SHA256
0daa7b56c121971a942b19ce6a8d8f02d8198debc57abf98e0dbf64d9bb0c6e0

SHA512
6b0fff2d2bb4d9801005ff3f99aa9c27d806b0e7a6189a1b31ba1ecc7326b7245bb2c46928bf995990ceb9abcd5466176752e4c08127b6c120403c21d74726b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd

Filesize
1024KB

MD5
a20eeb05b45b095fbc98912cce261794

SHA1
6a58f4a3c4d9416a922a4ccfbeceb812b2e04371

SHA256
4332e3b57f2e4feb1f2c2a1c8704a8e115d241ce6272c833b7f517dd28eceef0

SHA512
33e5661b7e3d3d79e7d55ce22516af965e0a79a6759273fa47712543eac53e990df4c4f5785a2416d1f0e24969225cf515d26d6b03e19ea4468b4448272e6aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000100

Filesize
1024KB

MD5
236f408c98b1ee903496c96aca84a2b7

SHA1
a48cb310bf23406c68a15ce8681e5c092143610c

SHA256
1e5ac4c46ecfee1b378dfcabed70c275ee67edd05f1225e4cb9047a84effb5c5

SHA512
b24a9ffd03b7fad69726f824103dedf783eb5ddb35ad1e6be3ba3f48a9dbb440eadef2ee6a72453ffdc1c21d0505579dd1b7aec7026893f5e0f7f6a0e92f9af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103

Filesize
1024KB

MD5
972a7594371e8aa1d50b37a07005c481

SHA1
4566fcd47938b6560340a16e49943737925a3400

SHA256
da49d354ba3d66592446a7b53e7c04a9585bde224390e09649b56a3cd1802bcc

SHA512
441e85f5f6fd77ceaf261b0b7384b383b1638fc93d5e5a66710f060632033d6c3ec9558b2a67a165fb24164f7445f5c15d4427188e45d79402d4a9feafab2965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b

Filesize
1024KB

MD5
226bd642f4b3d0d86482453430a846c5

SHA1
48e95c934a2b8c2a310ccf736adf4c6ab55a49e6

SHA256
37a771874804bb19b4bc753741332322847ae51e8d8936cd4b549f59721bc181

SHA512
29a2b3271efd994c8b1232eee66f31bd0a1a2c4256056204c5eb19bf40bbfbc19b88915fc4263e5b767bf53f356c087b10d027a472d70a4a1e7d5d1d7d255765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a77d5fed162bff842529d3442c7a09cf

SHA1
04c7b5ac7fd13dbc2a2958410148b69539ead8ee

SHA256
5dc137e701b9fd9273e15621b50f8f728f7edcd4088343338174dfc55ad9e3da

SHA512
597f681b513f59ed7ea2e80c36755790d03fd2a898698b8be9cc3d31838bca5b82383da3cc94e5bf51b3f3168f79877ad7aabb39e329070a33924d7088c36faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ab12f847fd212785c6fa8d7bacfbbef

SHA1
f324a799b80e15f361bfaab7cd7eb92b10f1ae3f

SHA256
884ef90e222bbdd5a1a0aaa400f616b165c311b7375c58b960823099bb3c2b1e

SHA512
b054ebd3823d2d2191367cb8207a32f50660e16b7c16597a46577e0a82410bc0ef66b3a6b5e54feb26bf150f7bfc3b48e37dc7763021aa5601d4ffe42a078b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90808021306a3967cb4c66b8a1d9f501

SHA1
7b9d9202cbf070f37425c44bf5c34ba245328b53

SHA256
6e8eac5c99acfe3e371e4b3619522ba1b52b2a8d564e471c03a647f955f569f0

SHA512
1a333fb2be8681054a5f481050885916aa578f5ca349764cf3d527fa5b7df0ee6789dcaf8bf4e158df7750e223f8231360b40e5f98b9ae67e4486a6a9263eb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6616b8493551287bb47c96b847e78f0

SHA1
f97f1cdcce78335c70d638e6111447064fb1057b

SHA256
ca4f667b64eb7f4430359a4ec5d5a21cdcd828108d9d15f6e0dcdd70729ac238

SHA512
e263711f706984f681ca75b3e0899c0078240bb47ea2d7f5e784c5c9bf9fedb18508142d5d5bb83d09c30c217fe8a22ef5dddf598c05e8debd49430737726dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d53f551b77650bc639cf47772b3d797e

SHA1
13f0322cba4771394f17468f8019e26ba8c15ad3

SHA256
62e8ef1a75f30253824c2231234feb293ff2cced37f0287db3d9c0827299399f

SHA512
3a32a623113064acc142d7e8f72d6093f0781cc73f8cd75e0619b213adea3852e12551140ad121155b29bd23f8ba327a745b7ea08451f44693a1873d906346bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1580b7b067d2b74facd80dac0eab8145

SHA1
47a4676a4b74c7f516120fd8a3d8b217d11a8986

SHA256
4133d684d4c8ac12d08805e4d7f26a3b1a01a8722283ad7314de8ca65a5f11bf

SHA512
02530e7d26826b0dc9ebba3fb1fca7d1c4f50de80b387e4c0791193aa05fd02e60356677f6436378619b78a0cb4b94fd7a87ec41a3e9febee0d3bbb38cc01d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
859d71bb231f8ac93250c431bc61e6bc

SHA1
605fbad760f352592a13e5062f9c91e2872dc595

SHA256
6dbeaaec22096a73ce2f6adb208f4f5a438eec1c66c78fe20612cad5517bd5a9

SHA512
a6eb13747b0fe8931e38892337441ce09921cae4c9ccfc7cb2961ce77b8f562f94de03abdb6572b11df60773084cb973dfc52975413b128509cbf436a834250f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
63c23d6d56946526aa7db4b75c1e883d

SHA1
017fa0672cb542c984f4a6209cc284f14e961b10

SHA256
afc2d039755ac9d3b7c9f8846426fd90561ce2cbd53515e3d1d6ea548683d6e5

SHA512
e867be73eec2438c4eb7f19d865936c00cbb1c58533c4ebddf2d5c5d68170f13aa797986c74d468df2d6ab466be07977dad5a19f3bf152cacbc7e15117607ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
968aeb9a9e46b913cb5955879380ce2f

SHA1
7586f8d8d5c3bd7a2d769a7fbe32a22c3a7b3fb1

SHA256
21bb44e641096f379a1b1ba787f085841272fb14c0b104d57b8a93d7793fd4b3

SHA512
ccf01047f7949ce3514094bfe853a651bcc50db7518de9dde0754bb79277daacc700faca244d0efa2c593430db132768a8af782c9b014a549ee29ef4dc9d927e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87b5321d86e521ff45a814782d1a8f53

SHA1
40cdf8ae6e945fb51f5c30a0ae7020df2441f3fc

SHA256
e4a6961bffda0385965fee087a98257abbaa2b2949af936a6b1908791e24b46d

SHA512
be0d1bd46ec9551db3b7672f09f0aade933be2585b6b3df439a1b774b5bcd48353b8c536a8d5b4ab59f9710dc764975ddec2d084575249296b8455c4aeb8bdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92a6f91bb7e81bfec2abfba6160a5340

SHA1
52c6e5b39dd2e5be34b30f017daf143bc4135761

SHA256
4b6f94ce653ff1d20195bb95ad1021e37a2d6d64a916f51d07656785e040d2c6

SHA512
6818f0cb707ca81ceded0a12a7a600f1445d682f685e8305139cec237906f8ef3145bbb5f7effee7e38dbc61133fe7a680a605dec7e5e3a30006a31b9859fd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc25c2336e41457804743042cab3bbc5

SHA1
882c97db293428e924d9a0b96499e30de89ad957

SHA256
9fcf4f34df6efe20dedeecfece62d79056888639c432d087c034ece91c032332

SHA512
e8da9de06112bac133e6c48af936e22e8380cdf5c6b3738eb6a7ccdd29be95eb489e0b40eb45be6c2357193a7bb66cb659eade8fad06e1471097c4995a23e8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b1c3c45313a5baf7d04eaefc8d322d1

SHA1
675ab57a9e6961fb7e015e5be1e762b4d0ebe8c5

SHA256
c7b96d9a1748a6ea1fe418ce4a7fc7c108147de3785be1ef787e67d6374d18ad

SHA512
98d8205b4e230caf713003a29e69a8395ded661bb699b56fdd829787897891b2016930593e538578a45c86e39b2bf968b4dd8e6db91270c955eeb486c34c2b99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit