hxxp://theannoyingsite[.]com

Analysis

max time kernel
1681s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://theannoyingsite.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{5D910CD9-4B02-45C7-A520-CFDE516AF0C5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
4928	msedge.exe
4928	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
5916	msedge.exe
5916	msedge.exe
5768	msedge.exe
5768	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4060	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4580	4928	msedge.exe	83
PID 4928 wrote to memory of 4580	4928	msedge.exe	83
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 436	4928	msedge.exe	84
PID 4928 wrote to memory of 5116	4928	msedge.exe	85
PID 4928 wrote to memory of 5116	4928	msedge.exe	85
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86
PID 4928 wrote to memory of 4176	4928	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://theannoyingsite.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2088 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7972 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=1048 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5148 /prefetch:6
  2⤵
  PID:5852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
602423b6f4aab6d983d0a7ee5f7ffda1

SHA1
ab2261fb317c8918a66d8a37d7e29f4be4c7d6bc

SHA256
cdf89368a478501565ae4704d0318011d232cb9448f6f4061e68fe252e46b743

SHA512
3a1c030ba3bce209ae0d275323fc6eebf71b19b26978fdd35ea2276070ea025a596f6aef21d688e9b36c32367621ba04cea526db74a0c69b38e2cd0589da4703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1024KB

MD5
370342ce51445e68ee677b56ac8992c2

SHA1
ae86b56902e668c27de4c1b2a1a197da17f89163

SHA256
61a2bba2783a9c376c47354fa148974aa36295fc60029c41d6252775e6e84310

SHA512
b47e765be3d54f94e67d75e1f0ced3404946cf193dfc5ad1e4db0c932df90bcfe9bdde7a3c9888a134d2601e38162eb38282dd401344a34c5dcde9ff893dec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1024KB

MD5
cff8135fad32b2b8ebf76c0d89137194

SHA1
76fcfbd06b2649f5b7d6acaeae9894b163db6304

SHA256
7146d00f0ba23043a6da856326c710cc340e14c76f17fe5e36c3d3da5b92d315

SHA512
c0ed6d842e4bb7e19e04ec1be54e109822ca9e73a5e78c847b340cad0a182278966685c67161ecf82b3fdb79350085630694d2a6a07889c4e55a597b86a9f9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4dcc038095e277795ba99e60d035fca5

SHA1
7daf6405a830d226ed5ec8649d9e5cfc692321cf

SHA256
85b79c05c8ee89dec73bf8bd6f850d0e3fa3c082b54143b101e466eef59dc425

SHA512
d9020c5d0bf22869ea52f4e0965dfc31ec9ad759e7303e0a433acbe79dc26e9dfdf47796ca53a17c721f9ac612e4071ec71f485364b85a38254e384983214951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1ec0cbab6d21ec3722ff5319e9694132

SHA1
2414af987152e6114285e5de5c483404aef15873

SHA256
9dc4961c61cb9718fe370d3ed028fa0c37447b123be4a7e0bc1e2a5af5252bab

SHA512
445d1d24ef912503ff4894ab18186b6fc7ac70b775c87dcf115e451d45d37c0e02265ffdc576b9f07e7309802b5101a50acab8085a7c69bd56c1d801ebffc1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc6af05fb202eb8ed51e07403c026dd8

SHA1
3bbe9a4ecc0e03e759d421d8b1151b07b9354315

SHA256
4ea9180a19e3d63700011e487a29d99c97442c6e8715c1f891085708a608a1e7

SHA512
c5a971df5823047bdc43f5b07a335c0adbd50e5a7af742a40377078608fe6eca0aade901f04e2ff509e2501583370bd58c66d1643e7d52624d30eddc1637c4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bc741227bc101ee635af5c4dbbce8cb

SHA1
af86b8d4cb18d08c445fbc4620f22154b3d9eec7

SHA256
f42b802e85bd6bf67c4c262ca70e3c73c02416f7314e2a2650ae9dc01f65b669

SHA512
4b572052640e4b4ec9ff0d35ff48a16c9107abc4632dbb0880e1e8509d685c77bd7c34a984ff08820a1686d028f8bdc0b8e9201fc720e4675eead76217432503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c23b8dfb34433273019ff04f862e526a

SHA1
5d5e9aa9acf4e3b60851e7ae277d70281492c63b

SHA256
c62820a377fd4b34dbd8368141886731665407a40503be5eb6fdca2b27f755f7

SHA512
70c925b5aa74648dde01e7b72d52b99389f809ba2effdf2e6e50c27b5beff7650e0a39fd58994ce98928c7a4b07c3d1c52f8e94fbbb3755a7bfb0d97b0babef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a69f6971daa976e6f46885a854feb5cf

SHA1
a453233c4ffac3ef495ed6b9b5ca77822bb05fb2

SHA256
41fa67526407b0e8de5d25c9736831accde2f194e659cd31d70d836a73675641

SHA512
d0cd3b3b4f822ef83106d36788d4d0750e760235b2b412b0ff81dd3993f69e0443fa79f7571eb8b560b2a60f83bc0f22f0da4c17a597d81455e11b2f4ca5baab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
41de5fa2129572ccbbd2400f8eef7537

SHA1
8db33bf18070b84e7cacb7f1c6c77f29fdc370cc

SHA256
0b638c3f943163f75de38eee7d7baa7ddad784f8c1916059506924b86b467b83

SHA512
2f3788515faf4df5f726b5817b1c5bdb034b513070b22ab514ad5696f46331f37eeb76340f2815a4b3215c96c437f3506651ab4f10c1edab214a88d7c02c63f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b93d7db973b4c6f10937f092860c0e8b

SHA1
23197eb22bc242ba898fb2ee0d99cf32b1a723b8

SHA256
ecec278775e43ee6f04de0dfb6b3a9671475771146bd45db110fa608d361b565

SHA512
4364f2f6d12fc3c12c5d3a900580fa4bd32cc4da43f7aa0d8533ad5a07fe2c736531d81e30dc3d6228d442979132e92d10ffc52113ec36625cb75711568bac63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56f5a7673202ab0cab0743b5bfd1ee30

SHA1
1c219357275038b34ed664d0819ce28eb8959b34

SHA256
066253c28373b553bd401b672fd2656ea59dae604d171928d6039ebe88af47ea

SHA512
5888cb2bf7a383f89fe92f7aa43de013788c2b06cb4cd3d95d76f38fedfafc1bb652c982d2d09e68b60a9e185fed368c74dcb125fc8377ca35e860d7d185c8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cae6b2f1cbdf03b1ba57e92ce16518ac

SHA1
66c55a6ff6b76b2d08ed9cb5d2b0ccbcd426101f

SHA256
c7c99a265b9096fa2deea7cc16866af918d0b9277f9202454f16ca23faf7bf93

SHA512
cd0d1f5f26f1daff1bc1af07245974d07c7a6bbdf8547c4135bd2a562123c5e7ac0d967833b2d0e8a4758478b9db0662ce3bf16be840f27bf379b0e117f1b53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
395d3743430661603966ce046d2a265d

SHA1
d99ecb3b2156aa4b8668ce325c2fb09b11f6c988

SHA256
d4dafc271b2dac8465f32db39628ecbfc9018715516801377a79a7816533a216

SHA512
02edda8b13ae9af9764903b76555abefdf211d4a3997ce7d37444a52095f7990d151a84cb54567009869e2dfb0d4ad31c6c7e04b4070ef233858ec84d3755ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0c485e056c319cd3df440f4eccf6a0c1

SHA1
8af944e4ebd65844eef922d20c4fb4f231c25b56

SHA256
1841e2459f34a8b193bf6c3218cd2dd9172fba285fcbc72af3b7e6f1ce4c8d78

SHA512
dd26eec5cb9eb4ff7ec2eccce4b1dd80202812d2b4f00b7edcc9af34514f938ac0364fc18f0a460e44aca1b29f62ae86d87d02066ed43c52a3ebcb91195f2968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58588b.TMP

Filesize
370B

MD5
ae3610e430cb2845d7eb9f764ba6e862

SHA1
b2c1f88c27c99241841c4312a8e9da9f37b051ec

SHA256
c586d1fc9a276e170da14870a80643061c5b740a18742398dc833ee9fc1592c5

SHA512
4d1e1102c50eb684c170fc12bea2e6342133f6503ff71ad20ee86d265610439abc9cb0f4712b13be54e542f08a4d92463071d270a59ae8204b8b55af4ff92cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7731b6bc8233ad092fcef6cef4fcc16

SHA1
2f107092e23cae418825515903da43b6cf437c81

SHA256
306026b2c23dec07bef1690c3a64acd19f80e2e3080ffba7a4e92b547a4ed145

SHA512
3802b12ed6ba506a0af8163a7ce190f3163988f4eea6d69d5e1982d1706ec06e677f92852e090f138a1329c7d40327ea700e9175a6ee539e4cf882ea53f90359

Download Submit
C:\Users\Admin\Downloads\cat-cute.jpg

Filesize
87KB

MD5
b95f972b9b33ef69ca3b9fb1b0adef5a

SHA1
d8ad42fab3f36712b6205d6205ac0947615caec3

SHA256
b1d1005b14deca1ed1e078758d7fc0dd9917748b46f71b0be16b44c57bd0088c

SHA512
5448bcbca0acbc02b2cf12e81fadb1a0a1b5b27128a530a3620576b58a26926b8b07f814f2dbc60716321f883e75d08a3f606b14b8cae56e459065c7456b4def

Download Submit