eff570f89626bb82bc162019dca3afe05fb5d8e7b6a46135f94236563603fae9

Resubmissions

14/08/2024, 17:49

240814-wefhrazfln 8

14/08/2024, 17:47

240814-wcv6eszemr 3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

istripper-vst-crack-download.html
Size

100KB
MD5

cbb542b172c097d4b301456dcdfae053
SHA1

7bea917a76a5d50045aea39485a251652760b52c
SHA256

eff570f89626bb82bc162019dca3afe05fb5d8e7b6a46135f94236563603fae9
SHA512

9e4735c2d613595d78a4dd222d9af8634633a6cf9d33b37b86de6aeacbfb1186d6584801bd7389378f8fe635a1fcc13c3997c932029d796ee097cb658128f194
SSDEEP

1536:Zjtjap8WjuUvnspIw/ZPpIw/yK3oxo/bVS:ptG/dz+8o4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
4720	msedge.exe
4720	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2284	4720	msedge.exe	87
PID 4720 wrote to memory of 2284	4720	msedge.exe	87
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3152	4720	msedge.exe	88
PID 4720 wrote to memory of 3668	4720	msedge.exe	89
PID 4720 wrote to memory of 3668	4720	msedge.exe	89
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90
PID 4720 wrote to memory of 4904	4720	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\istripper-vst-crack-download.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaae9546f8,0x7ffaae954708,0x7ffaae954718
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7750203176722057139,17127492297241060628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x248
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
f9dad8f3cf36cb1fdcec2030c2524452

SHA1
f44a360539ceeb087c7f0404094eb74e547bdab1

SHA256
285330c18b36acb4623fcd580c35e8fe8e5e8608e3865ffbbe4d5702bc654646

SHA512
2b875bacde705b0f56d8d1734eeb0acecd17ae189588fac73f23c9a93ea12e3cc5f5579ad43676e12fcd52b201a40bcfa50a24a9a591d5b996fc2ae173aac484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\575eac43-0667-41b8-8dc2-c6e22ccc72cb.tmp

Filesize
12KB

MD5
5fbff7c077a312692317503b6e8d443c

SHA1
49b50b51f91090341f33b113334fe4695ec1db9f

SHA256
7a8e379f15afc457052a806a76840fc396c28a289d2e92f3e61085d16da1d138

SHA512
76f41487484dfd20c1e41d98c0017cf010815001c9b21d5cda8922c8e77c2d73c34ca8d79bc49b29ae646d2ee3d53294a79fc78f506996fb782e4888f9ea83a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
25KB

MD5
ad1f4b6392eb2a332ad99dc0978d2316

SHA1
c1b312076af52ddb0cd4e4fc91e3ba9cf9a2bea4

SHA256
82ab972da3ea83f7107c9715860db229502b52f9884b27f7a17d85afc8f716f4

SHA512
080f6f2a5277562db2e12f8d5a2cc98ce51b2763262c176e018c497041a55b6bdf9c529ea41bf068e44502716bc0a97d48e94eeb2d09495bed39e03b7ccc3f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
cbbeb97e6a45557cb74e711b40352e86

SHA1
dcd4047303060a95ee1c31c71ff9f69665d1408b

SHA256
0eedef9ed3dd26d5225590753d1d8dd61227f2c49f0edce86551c9a7973c4473

SHA512
220dfadcb5d1c508f2a9752af29cb75675f510325ca5eae5ac2870b9e2d564eaf21111f775bfcd32e6c32705490e572405554452118ef319c7387cdd97d619d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
70dc03f112cceb30fa917dd16f94f9f5

SHA1
1ee2697366b5aada5d96bbd1e12e6816d1298c74

SHA256
1c401b6e759e3480fc5a7a2878d348c4a3f316f7e9b827f4ac4cc37476393ee5

SHA512
3f9158f8dd912b29d9fbb76f4240260bf402c3c335efe823ff5c87fe8177558ad904321ee4d4e69564a5cc342bc83449583a87b9e8008ae64e90052031b14449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
830B

MD5
46d2eafa8bdc14d794843410e1a3aae7

SHA1
b3cc8a43bdfc62ef3c5a5202aaa36b7b2839b0f6

SHA256
3cb71b0f6c3a82a5325635783b96a342fdbab990b5bed37e610a501f50a16248

SHA512
26369043d26387e642d4f9d27900af1cff97bd13a2f5600412da2f7d3d6b04e553f5f1d2b82dce85a559792e1008b8bf5493c5226cd184d49012cae2a9f41464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e0c1ecd198eebdb84e39395039d96ba

SHA1
8c9c0930bd81fce66f33f853f107fa5281a8a19c

SHA256
290fe03887504937824d22fe8db6030992f08069abfa8640bc75dcc7022ac3a7

SHA512
e0ec051afcf63d79764a59d347517a224ca1a4d8152ddadb35d07baf9c66adde87160bda5a371b554e52c5c00be3b7806ca0f2194b6c4926f324326f67a8847a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe76bf014d952101a533f1bfcb7eec4a

SHA1
323f38df74f5556a7aeb275ec0ebddfdc9e1d93d

SHA256
1423ceb88fee6612e6e415b0e3636aa607548165692b3e0c1ede49426994b157

SHA512
d998edcce5d8e8df0f495b8c25dd6ab50766a2fdc0bc9f390442a9acca9144e26f090928f6e7c198fd038ba77031c8e2706d5ab9a816957a24666ffa81ad5d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7427952ae4da9e34b1024d3e582142f3

SHA1
9aacc90c64ed47a41fd01e87e836a83383c963a2

SHA256
bf483fbb6f896c34f036235e4a0910d0e8b41d3f41fb90569286972028f27296

SHA512
bda643c8cb896bb8b7f72ba987d5c8a94e48f6104a4db40054a7b6f7a1201904f348c741b0755ab6463fc38799639e6b0e4576ea6a52389e55976b36dc5074bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec49658c46d9c45c34e5cc818099553b

SHA1
26cb0951018180b0d7551d905ac32c1b8df01399

SHA256
7e2dd297d2192189bcd3f16ec712879c81a014e2de6cf76170ba8cf2a473caea

SHA512
70a133343741bd347f5e184091329298fb830db26cc37e1c726bea5a156d591ecaac90b16e59ca12eee8fcdc8287dfe7f7863b7c88819a7f508cee699e232a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23e10dcd2ff61514eeba7ed4053cd301

SHA1
1cd40ddfb9f30f992f61a82319bd78cb0c667b63

SHA256
6fd01bceef846578188f9639dfa5c6b348802e346062c5f7d856f21b9d37bad6

SHA512
8909cf7715292d8c9a9acb3e24353bbd009315c9b0df64610278c6ebfdd5554ab7bdb5ccdde961ea5ab0e9ca5f27e7a72ce0b73d89cc337d677530eb6fc45d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b14e7105fec8396e7799692954755f3c

SHA1
fa60e7444bb9294bdde26f4393f124102e27af4a

SHA256
8a4ec91843c7d823b76e19e715ede1b04c98a4a71a73278b446f3234d704f1fe

SHA512
7d754371753dde3cbe92fb3e37e60141e026daa295ad72d142087e6e6a047212913aeea566c40c76a341a9d47892bc8d20ba96b567a9abe6fa1ebcaafa2cddce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7113347211fd702d6aa88f528510ad23

SHA1
3fa71c63b2b5cce27de999d83a914fa5311efd1a

SHA256
a6cdf43eca5e1680141831fa02257e3892990c79dfa3a7feaf757bd216b86f59

SHA512
78a200b0866e9cc162257abcba64c591c2502c37017b16802618abbc1c7eb1e0985df0456e1add8054daca97d2d0cffd3e4aeae2b62979a05509bbe4835c8423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c52a5035b17b05fe33b671db35a0ffde

SHA1
3a8abf321268e1e455f403fb8891bd5502ddc819

SHA256
84d4888f6f3ba42b2134cd540b05be66af74d4e9a2d1cf392264af6bf2f106bd

SHA512
7fb66561163be0e665a9072943ad350f3c6dd5efd29cb9189786dd2431212e2a5be848252826544615ab1810f66f20429c6ac209659b8b34214f1cca48277920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5868c7.TMP

Filesize
204B

MD5
4d9738c95fbf3bb37f098bf9183dbe26

SHA1
ebe8a09343d4b092a387ac9ac01902856a6a05a4

SHA256
819703af0df73a3b396805c26bc0458d02323f6a4ed3b8ef25c88527d62b52d6

SHA512
b4c3fddaa18185d950e1df2b23d67bd35d1fc938f2b18061d9c7b337e303d8cfc0e33951facdb894bb97d7e9bf1a1706475b7f481300469695131a3870944cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d58b6f9f-dd01-4728-bc1d-d99870f25905.tmp

Filesize
369B

MD5
da3c1e6dd0086ef50e5ca3b143cd78bb

SHA1
b154211eaf5d9ee31d3e5814ea2e7c77b9fe9f52

SHA256
db199a75edf28c9e90e14e9580a3f07519eb3c936f280e74cd4cb8b3b6d5755e

SHA512
6c550ab4a59802fc4cf3ae02f8afdd08d2ba6cece79d89f54f6545474fb34c6d4ac7794c8d9a5ea9fc8dcaee0a53d7dda7267601e9232a99edf78c999bb96354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b98ccbe0e33ebd6cd0228cd7d169f38f

SHA1
8486634f30140170c7ab4eab37811fb6ab008de7

SHA256
f76a96088d159d5fae7095b92c28816aa3293bccacee76a22220c5429d227da5

SHA512
4c77057b2938773bd6547a999d802253b54e638b663029ec98cf136f9bbe78a0b6f2cb8da2801fc5ffcde263726eea8e2ec238d4539b2a8809ff1e3b5a1d7ab5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a5f3dfef4386cf3029ff61e12ba13a07

SHA1
64a84a80c9afda2ee232d3b6ddf7586d4e7da292

SHA256
0d4b86590e532cb966205d74bbd8e422e3f806f5b30a5719be96fdc5ee7bf9af

SHA512
0b2eabf1907353531b5c59b371f26a88da219c96a68f38f27aa45e101f900139f7fe6015820903ce48ec320034342a6817b4d8ba7ba9f5f05e0bc91480554df0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
601131ec6a5de8ffad88b681a58979b8

SHA1
5465c452395b12dc36ed3b774f578d880cf7489b

SHA256
7b644b1074d8c78f2c2474cf43da827b4d121101afe55e631b26b0b78b89d7e1

SHA512
5b39c1b914176a1718334900bdfdcf4ff35f3418a32c7b5483ab3e66e643b45a38e998a62de66e2c7bfb55ef82f7e0328f60c0d7dd0f1aaf4f1d53468150a786

Download Submit