Analysis

max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-08-2024 12:22
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
resource: behavioral1/files/0x0007000000023533-205.dat
yara_rule: pdf_with_link_action

Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs
pid   Process
3508  msedge.exe (2 entries)
3840  msedge.exe (2 entries)
1852  identity_helper.exe (2 entries)
1092  msedge.exe (2 entries)
3372  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
pid   Process
3840  msedge.exe (all 20 entries)

Suspicious use of AdjustPrivilegeToken 2 IoCs
description                          pid   Process
Token: 33                            4804  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    4804  AUDIODG.EXE

Suspicious use of FindShellTrayWindow 41 IoCs
pid   Process
3840  msedge.exe (all 41 entries)

Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
3840  msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory 64 IoCs
description                        pid   Process     procid_target
PID 3840 wrote to memory of 3572   3840  msedge.exe  84
PID 3840 wrote to memory of 4988   3840  msedge.exe  85
PID 3840 wrote to memory of 3508   3840  msedge.exe  86
PID 3840 wrote to memory of 2904   3840  msedge.exe  87
(the 64 entries repeat these four rows; each distinct row is shown once)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3840
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wetransfer.com/downloads/42271682e2302a379561e3d3ecda5dd220240813105129/e1496b9d6dee610bfd5416975b77d29020240813105152/5df22d
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3572
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa159846f8,0x7ffa15984708,0x7ffa15984718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4988
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3508
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2904
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2800
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1788
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2292
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:4324
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:1852
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3980
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4876
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1376
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4892
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3324
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5024
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6096 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3488
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1092
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5168
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5176
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5248
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5336
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6816 /prefetch:6

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:6036
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2836
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2088
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3784
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4380
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5736
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:5456
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4364
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2400
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3372
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6860 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  PID:4592
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID:740
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE  PID:4804
  C:\Windows\system32\AUDIODG.EXE 0x454 0x3d4
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 111c361619c017b5d09a13a56938bd54
SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Filesize: 152B
MD5: 983cbc1f706a155d63496ebc4d66515e
SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Filesize: 1KB
MD5: bd2e2e36c3e54c28d1fd4280bb5df098
SHA1: e69e861aa766a0e228fc9ad415d073ba299ecc43
SHA256: 277d4985a83fe04079de37ed87d26ea71b270d4953146d8c247e60af532b271b
SHA512: 8c4dca5da11efb3437e14f4a54285da6b00377a28a890a4cc8d8165dea82782b6dbb3b36c368ea80fdd820c20dae7c1d636dd9c978553260c6adf8e782c4a1a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: e5808b061aa821d3995df8c31df7f8d3
SHA1: 88c09e4f55ecab5eca8dae1d64f3b4909c9e36dc
SHA256: a58c5645adbb93e6f5b9fa73452782b67f5353c8c1bd31b2acb068427266e881
SHA512: 5a36b89541697d4a1ce1b430f3c54fdb91304cdfb110efe140441a964844f79ac660350eefb75f8e301cb88aecfd65c4949781a72a2e56fdbdbbe714b3c3d7ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 840B
MD5: c2ef4bebfaa39ab48f3f40ac9441c1ea
SHA1: 9b81f959b47d21649be7e5ecdf00f69c424e3b74
SHA256: 0ef2705a7e83a8d4ef33b1b3b28c7b2fcc0d4d0ea219124d1d91974e152158cf
SHA512: 09a735072d6c4081fdb0759b82f950a60ebf2f77949fbb66faa1ba455ee7bd357c04e7ae50cdabb7adfd77b2a260477d0e9f5dde5e78ef7f34e652320c9a8974

Filesize: 2KB
MD5: bb76dc8bd68e65cd8f0a0f505c611c11
SHA1: dcfb277d5bfe0fe53a32648d3e217e601aba1150
SHA256: e3f6c46b6bb5313139f3f8dd37d4d0ab6e18d6bd529dcaf66b7a5908e7895e0a
SHA512: 556ea1cb503c72495e462d2c143c9535b714e1ba5023645635f2417de90bf7a4e8ef266d26175ec6934c2cc6ba72373483bfe529f4e75656f306aa2839ab3fac

Filesize: 4KB
MD5: a588173cdd7ca1fa2ba7039e88a3f413
SHA1: 617fb56228b569c0be2d8455b8f9e0d47d548443
SHA256: 5aaff40713e5c5c904acc0d893eed7a2223f05df7236c599928c187d04d0baf1
SHA512: 956385a70ac474188a23e08e1ad0c185d1a9614e26644ddb107eec4cde82c121d54dc4970501de221fe74f60db27e53c76f62e668e157af2bc454ca9c81c50d3

Filesize: 6KB
MD5: a2ec4ec1d8729b77ef78021827eb75b7
SHA1: 120d738002035718cbba3c339588b7e9c4f2ea7b
SHA256: bc9848f87a4e4ea2baebc443115b15da2af9231e60fb0eaa3aeb70fb191c1fdc
SHA512: 0d3721ef9b32d6197f2d1a66af202d8a2c5979df73e34612bbb0b509e3a8ddef1de591b04570fd0e70e71c4b04bb9a36c6905646164ef6db2d3aa2ffdb28ae7a

Filesize: 6KB
MD5: 3faa524d6bdbdf4ccb69dfd999b75755
SHA1: f445417a51cfe54cef51834de7ef0c79f6d243e1
SHA256: d9bb71d00a89a2abd65798c51d83fc7657857b6bd733288421e4f2ece36328a5
SHA512: 32cf24cf904bab8ddabf587e6507e8a8ea9707d50fbe5f71479ae1f31647e4dd5069f9e1f950e2e8fbcb5f5cd130b4a61e55f22f9c0f790e85e17b074c09f489

Filesize: 7KB
MD5: 227f27c89310be03eb84b79225b55b17
SHA1: 6197d7a64a8fa8b4a17b58139d52287f7283d3e5
SHA256: f70662fae5248c015b0a56f7f867c50f34c39a73ed508cda9c3e3cd0c37fdf43
SHA512: 6b6df1635b9280bdd27c85e03a95150aa7e0d8b939b2d4c993af1c46b68ae6a0d8c9d96e989973fcb212154a25cd0e51ab364ec779e709745a12dffa0c9c627e

Filesize: 7KB
MD5: 89782ea4d223f1e713e0eef740edde5e
SHA1: fb8024153d7ab0ef5fbb294701466273fc5db9f6
SHA256: df6d9074ad7edc9157e75a1ed3ef8f8504e238d1ea396c163f75133f62145b21
SHA512: 9730abe5a1693ddb9d8d7e8706f2a3f363cabc2c08f38ad9d33ea9d74c2406f9c06506c76824cbfc899e279c54ee4bed94db905dbca00788f0acb1a7a8f4cfac

Filesize: 6KB
MD5: 079ce6f99575629aaefd90dbb529a734
SHA1: c57f49342ff9a4d8cc0822ec3989580b1d85e8c6
SHA256: f87471ede279cc442fae3aa50ae93ef42ce31a09f2af15248554954d5e633139
SHA512: c85d328917258d0436251d343c4521f9627566de4ef55c41d74f4a06f939270ebd34a184b00e29bbcda1c19584f6cc441dfa5adac164b9688549b0acca8755fe

Filesize: 1KB
MD5: 8cf5ac7efb4d206606685d3669418c50
SHA1: cc9d14f7eb60d7626763347a2222a95eb3402adc
SHA256: 755add72d3b753ce016deff71f1d13f20b83b374e669ff78f4a0a6a8dda17710
SHA512: 44a473b719b060a0e5c7d3a9b1ed0fe5811c5d8f223d48bbb5118eb5b1b69c5677c06b3b1ef7bd4ebdc3efc76485d9669e3815f00958970a5ce261fa9b12024b

Filesize: 2KB
MD5: 07d13e027cab36eeb0be2e4821e151ba
SHA1: a3bba620970d11247d1b1d0c08da7280a55faca9
SHA256: b5a7551b35f87997275126561da211d6b2c2693ef52c798d08993e7cdd08b84b
SHA512: 54fb02c2b6fb18204c3d7f1d47d88ebaeb7700c770577a2ac8873fde1c9b5d1e8087e1c622d6348e90e40ebb4f18ef1fe5391915fbda30ba58da2456d3c5dafc

Filesize: 2KB
MD5: f47260c52c80b17afad1441d0acdddcf
SHA1: 24e534d3ab66437d9892c89bcc6dfaaee1b0367e
SHA256: fa6333107aff29a4473ca26ef65b1b1fd51001733620985ca84c5400880c325c
SHA512: d0be2fbca7e5d5824c3d616ba799b208a1b6e491f45ea53f74bb770cf0b7ac4b61bb805d7becbef5ff3968d0042d7bdcb7a620c6edc98790a480ff42cf5d419e

Filesize: 3KB
MD5: bf2e893ae85651e08f3b05f734184811
SHA1: b720bcb3e753343e36986ac5a935f1f06d6f4c5b
SHA256: 93bf3e2c5038f90b669689eb195650cf76263af8307dab5fe97f70f63d4f53a4
SHA512: 844a81dc627055f8e697636a833b21c6f169c25900c1aa0cf59cd5d387d7c2c68b55b29a50c9b273e55c86b11706130a05d01e14715595417540e314305462a8

Filesize: 3KB
MD5: 3eb111ba87a8278f48bf5a9771908dd1
SHA1: 72be58b079d02534609fb8e0d282b439906916ed
SHA256: c78a60eb6f461b4ff28eeecf7599e3cf8ea98286f0142f27a243cde39a4de103
SHA512: 115cc5c907a3c88694d57a789d2ea379dd59e3b7eb9afb8cd4a2c808961c71fe36296d2c28ce8fb0fd400ff5d5d33dd88c88585e1a5c61bc3eddea57d16faafb

Filesize: 3KB
MD5: 6158afbee0db4833760ad14a26406fee
SHA1: 7970aa23b1ab568a7f644b5adc393f6433e6d7a6
SHA256: aa3cfc119f940c4064848216b934eb320638eb69823afb3c852e6f7849951737
SHA512: 61f83c373cdb6c58fb33247b6ac5651e9abd7121367e23c7cb16b9074443ece13fefeab726620b5a6b2c90e033951325f528626031cb6e158154eaaace5cd44b

Filesize: 1KB
MD5: 618a6d84f6c8ae758e37ea0ca0f41d52
SHA1: c8e5ad4fc882e35852b44ebba7448038a53f9ecd
SHA256: 4a8e12b584fb71baf3b714303b677c9f3ffe06e3698e2ba65ef5c91e0db854fb
SHA512: 8427b75a3c84e585dc2f63b1fec9003bc20499ec58c0e85d05ca83542d458b7592f3b33a2aada678ab9194cec40410658a27f85931654f9ab68aa08540bf5cad

Filesize: 1KB
MD5: 82271d8300e573807827271166b42142
SHA1: 2619f13b65d1c88776576b2dcb725806a896bea0
SHA256: 57d0d40e877fc030fdaedca5f0b5fcfbe662d036b5db774d5b227650e6759cf1
SHA512: 3803a7f17430c713f889393274514e9667e7033d228b090db3e6405a2cf8efa1d82c7675495ce8668cfb908938587f280993c2fcb98a605c12f35ffd5962bdbc

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 55a0855b438826927ead577b270627b9
SHA1: 1188fd1f7d218ebafece5e3840b2fd567be7ee0e
SHA256: a6e144c873fd32064bec289230786f2762378361903fec8081e490ecb5bb7d8c
SHA512: 7d1da19a6fccee5f39972a8b1641802dd3800118d653e3bbf8b9a515aa67e6838c606b9ecc25c8ee4173e424e06fa23a5e790f01cceec2b6fb4241a028bcec2e

Filesize: 195KB
MD5: 700959de35ba43312837c4cb01076019
SHA1: 4c3d4a46d9a2c6e34101574ce92992ac58e8d6f0
SHA256: 6140512a0eb9f7449ba234b69c4b4ca38c9cf6e179e8ce312a84cefced9063cd
SHA512: bb59f87085178791c2c0600dc16ce5280527b770a1bdcb908dd324c14270127ff6fd20354fc72c1a4c4924cbbca11079a06ed765db50fdb4b4dbfbb895088c8b