hxxp://8402b05c514bbf51150426b15a1d7da088fb3da3be813e2222a1ad57dd56d67d

Analysis

max time kernel
289s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 22:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://8402b05c514bbf51150426b15a1d7da088fb3da3be813e2222a1ad57dd56d67d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{F3588810-4620-4B37-98B3-86932C6D787F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
4936	msedge.exe
4936	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe
4900	msedge.exe
4900	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4712	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 436	4936	msedge.exe	82
PID 4936 wrote to memory of 436	4936	msedge.exe	82
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 1096	4936	msedge.exe	83
PID 4936 wrote to memory of 732	4936	msedge.exe	84
PID 4936 wrote to memory of 732	4936	msedge.exe	84
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85
PID 4936 wrote to memory of 1104	4936	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://8402b05c514bbf51150426b15a1d7da088fb3da3be813e2222a1ad57dd56d67d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe024c46f8,0x7ffe024c4708,0x7ffe024c4718
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2418059922249396943,12838992242718402157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
27KB

MD5
6da5998f8e90d28378c84a2f8b1acf9c

SHA1
1eb55404a9d4089239d61f07b64d83d16d578bca

SHA256
10714240fab1bf95a09c0a6461bd3621783b763b6847bfa8255622d7d13a4fd8

SHA512
8a96b06b85ef59794870598ce40cd67fd1d608ddb08ea71fbe47e499dc449461ba0a0125188f16efe33a4e22cb8fac403685ab18748a119379aaaf2327976310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
65KB

MD5
48b9b0f9a7d9089e0e0eaa290982e568

SHA1
2a0a5d0b709a2f950cab81a9baf01e3d5ef10157

SHA256
5f936d166f796979830b217e85c57722eee41a45b5518a06dc4fd5c540343ed3

SHA512
43d485e14b441be158083d446f0d2c61862df76b4142e3c3d6e05a87fd18b4b3583acb7ebb7d0c9ba52f06b065fcb29ad6a94a71eba10d0e5242e4846da217f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
82KB

MD5
e6a8cff5505638c6b60348b9be6ab9b6

SHA1
d68cd17d603c4435a634d54b601f29b1cde79a4c

SHA256
966e3daa29b36dee32b8a9b72ba9c9897f46aee00eb015cb45380997d93d2a88

SHA512
30ceef2ffc9af729f923d8961b527e62c3030fe27760ebeeb0f3f483b1ac0b5ed15792ac8c087ae0aa3b054a723fd9dbfd6cc1088a895e37e8811bc219c8b673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
100KB

MD5
85dfc23a57ae4c981bbe79b4df09e290

SHA1
f84dc533d480df47a6dc4e579fbe48c7882ba50c

SHA256
2eb758b6f87281c2c38fe1e2c03936ea8dc58938ad7e09597edbdee1815ee989

SHA512
0a39e54fe022d60edc922925245e5dfab034629d1bd3ff3625568cc0cdbc7d08d170f0b010f8a029bf6aa5f11b6ea34663d237d6178dd64a6de8c83927b49046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ce87291e6069aea24d6602dc6fe31bf4

SHA1
73ea357bb1f3c5d1031189bd7dbc8e2487ca6241

SHA256
b28bf6d02e4c857ea08a0ebe2da527bc21e0a0e29bb053de8905ca8f5e6c1ef9

SHA512
fe311ae50e311e1afb7e0640ace245bf112898f8e3122c3b1b08851d953c2d198a02975055eaccf1f39991e0f1f85fd2765efdeb2c1fcf579d77ddca7631e3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
081c9639b645cf9ce44842fdb0ecd60a

SHA1
7f4ffc4066d43575511ecea494e411d3590f7e54

SHA256
627e4bdaac810a1c6c8a13a02f56d415ede191882c976d8a13dbe4f78e00f16d

SHA512
f97b39ca8e651d28ef972ab1a5c2c6d176a3d9d1beacdf8c20196c2f29a2045655777af8632cb450689043f4e62d2fa44895d96d2372fc815684da47802338e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b7ed54d3b87df28e7939a0557c3339a9

SHA1
1bfc3ca46f2e9d2f3504fa856d6672e9bc2e9e73

SHA256
44600e13603aa64a2bed28278fec510b00177c386271bb7b4425d0e899aad3fc

SHA512
8c4533ec7a2da9a6a3cafe397cae56f25574cce7c5153a9f4f6fad6d964483e33cfb9649a455ae11834e4423e2f12e697d13123f55e5e6a388735849d5d9b2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0c11d216057f9df8950be1f884e1c41

SHA1
6052cee1a09b2ab326b2c444332a6a667bfbeb11

SHA256
6fe64d88e9ebc9e105ca010d8f1a8527ba5885a0e22b0137166cc4cc14afc489

SHA512
9ee39107d2e74974b592228f64956cd99cc16f1c3a2f0ac49a42da90150b432a66667cc6dfc77c6c9fa653d6c8312dbf5de37ada3a5018ba3711f275d8f86b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
422d0dec75d2b0bef71d20c337643ff0

SHA1
e5a7c7e6e265f172bbdae8f56a30044b4dfad26f

SHA256
707ef438b672abb965c9d737517f1bcf4cb48b43a49dfcda8a7069ecf1176003

SHA512
d2a169280e07585d8ab4f5fd43b0a81831a07257a1d8cb7be24b0a6a21344631b4e19dc2c5f22d19fa299545c44597349f7bb2a29bff03cf367327a98138ed7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db43d5a18ddc9987c01526de43f3a6ca

SHA1
e29ae7b8b7d20dd5833ecffd44c255acd30c0388

SHA256
338626293a54087206a416ddb28333b70125abf8a46ba9fafead42b3c25fcf4c

SHA512
2f9e1ef9f8779d19d7564bd53fbe98e5691e70ffc637c8e23d29805eeaa4c12b84bdc05f26d20791dbc0ac7400f7cc155e58fda8fe7e931ded40abc36545157a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
03b917a77a80afb9c7bcccf5d1671af6

SHA1
6cc926031a61285cd9660197a3229cf0b3530b42

SHA256
e3d40b59ba93f8f283720ab4a8e20d53ad37d7c7efdb33ad1924a9283236f160

SHA512
489863a70cdf39880b77d0ffaa95ee2478173c869691b38599a7dd4db645c09a516810c3dbe6788ad294785a37c62428f0fcee09c09b07b06695fa70a703a6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
257f2d34d197c0e9172a202f00686fab

SHA1
0873788b20ba672c3c5edc77dc228c2d045a917d

SHA256
8d114b5dafb500d127bb7eca25ed0219be2b39899a8a2c7a53c6b4ae1f5d02a3

SHA512
f7183430fd9ae13f091a5a0c646b83dce303281e2cf94baa981a38dfe32b6526f701070a4fcac30131951dff33a915c8915714acec1efd00b9c3a660ac72e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afe1244489a7e1a502286f5a7a16b98d

SHA1
f596426aba53b85b4717db23f1d77decbac66f65

SHA256
436407facb4f15031c5b475abfd6cb7ed6f264458a2974e12054b470693aa4a0

SHA512
5cc7ec6b068715dbd1ea501977b9554b3b9f267eacdf90d63c32922fb39750ccb7c93aa5d665e19f1d4db1e492c2136d64a5536a0d335010eaddcaea4e12abf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e669b72e5bb183004f701c85a6c91665

SHA1
40cc8a89b9be9b740ecb7ef9a9c34359e986271b

SHA256
428a993a6da2a3a8c53fe0cb2df7976c61ae7de0cb2fcfd063a235b32349c16f

SHA512
5d3cdae5380dfad9ba5b8bf70b81cdfdc3e9b247db19097475b88b002f7293feeac98b502000c5f35246ccd5c30755835c3dd94f5ee685efd2fd030eca70f03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
ad1f4c1737be7e24f09288a777ee37eb

SHA1
2c89c10fe51e7fa0a4378bb40a315be1225ee16a

SHA256
71151d81dd3acca32115b786209c77246d544e7d2a5a0db619e0c4d559a4cbf6

SHA512
1d81d6e2825f4812e9a2979a6f004531a80994dd44c8475731b16c5c80a4ddb145b3d14c0a10bebd17dccd3d46c0f088c67abd0ebdd027ccb6f7e38e7c7bd01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b504eb8a08ce623c28454ea6378f3dd9

SHA1
e6f27a93aa312f1520c29933d2d5eb71f6273aa1

SHA256
bc322b4bea81fb1f849b81c7bfc0c6925df95ccb789360f5c7869163b3b87366

SHA512
5ac928eb781f5cb1cbe6740dae396d12553c92732fafec860019d70823c72e84cf837f572f319abbd406e4abf1af4b34bbb63f4dfca9cbe2e58b17f577daca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587d0b.TMP

Filesize
48B

MD5
0214ce8e57808ed0b3766ffb5c88c26b

SHA1
e0802926c4f45e8a1326e55faa059d56f9aff5b0

SHA256
1c4f40fdd835b3495d696762cb02af3f6ea2ab2584ecbd75f5e16aedd7172b0b

SHA512
272e7efa873748584c1e93c3d40f2ff34e7fe68a42b4113a3dfcaf50e6ec3066aae334469c076a723c91b3c64a72f610f5795dc785835cab7ba7cc9f89ff1620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67f7b48eb4f508043f204c432e5ba13b

SHA1
47e3540964c0c8b4b9195da409fbbe09142f905d

SHA256
c788dd08f17ff8042437e53bc46a9f2b9863620ad1e24dd2396481fb71840ea4

SHA512
e66c0cee660a92e35d4cc683af10880b2caecb459dff6375b612ebf38be53139ecdfd57582ac1f3a836d5b3f5b4f82188bc7d85a92effdf29823740daca942f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28b89e779fe0202f68f3b0cc8f22a148

SHA1
07e1809394634488e0aac6d2b8c20575c9625a3d

SHA256
90378b5dc0ca07d7c808c7bedd2e5de65850705f3c5397eb3a64b368a2e4ee83

SHA512
e13376011655b6533bc817b7e66cb02bbd8f74c38cefcdf2fc9fdc44e58e811687968589736e3003ee2a3e41ba26e70fdf9440512bc0f044890034abbfff78c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
65271c474105ed56e55e0eae122a50db

SHA1
700c6c71b66f84821f8de8eaaf9bc2d244d6608a

SHA256
23ac67b882673a15ac7442f502275d7267a38afbcb03e58fa85692eb34d015ed

SHA512
183734f4ad092368af1fa69d3e0819ff438ae8aeebd88232be7a7f5f3c28b0e34c75500122822e11cf638c4d19bf1c73e3ec4165039d34ca75d1931e135d74c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
09c4586ddcc1550a69fc34433039f02f

SHA1
ab12609fddcc948b2b05d27421c6ba9d2925ed17

SHA256
7a89ad7c236a5c40358b45b1ac89643e34593ac0736adf05eaefe0bdc86a7cd2

SHA512
fba97c84a70ba439dcedbf892062cbffb3174ef839f0eb60cb476eeaface20e4a20e3a0ad8b489687d06ad49385121c8df7fcd4e4b4b5d3663eb8b1c892d4f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9e2de260823d17defd03f605dfd0348

SHA1
012e6deaf727feb75efa842fbe6f82bd496fd702

SHA256
21721fd07a653aeebe7a27135410a72f1b850c7b3f78988de9f7c9824b6db557

SHA512
fe24c734d261e8f116acd2853f9d75d98c29ded718794f6e24d2cd01af0fc1723a609eece1340c4697fd67233d4cc59f7b13790b0a038cfad44b6bb6d9bceff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b92.TMP

Filesize
534B

MD5
145aa6ae977db9904684cdf6d1ef6ceb

SHA1
db96e492e572badda55c754f49a75934cc4afafc

SHA256
ee345a198479260543befded4e7eea4f1a14de9563997039a28f43e11d443f59

SHA512
eed7b1483f41096c65be8e1638480e910903fb5ea4b673e1a83496cf5b59a45b4acc22035f7b0af7e78879fb1977c7c7e0d632aac98f5be977c0aca6a7d16e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1e4175ab422c8c31e599b4198df09cf

SHA1
55ead1f019c63f12ee0ab018aa6dd17cfa57fe06

SHA256
8eccc6be00a02962ef5504808bd4079b095bac890755a0d82bffe852ab1787c4

SHA512
b05709460e031e6dacd3770fd9c5ebb527c5a5206a558d1c5e81565b83292f9a4691509c4261882c04f6e2473f453d18e26eec2f5fbbc0c9aa458095397f6bdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit