Analysis
max time kernel: 1681s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2024, 23:47
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://theannoyingsite.com
Resource: win10v2004-20240802-en
General
Target: http://theannoyingsite.com
Malware Config
Signatures
Enumerates system info in registry  2 TTPs  3 IoCs
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies registry class  1 IoCs
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{5D910CD9-4B02-45C7-A520-CFDE516AF0C5} (msedge.exe)
Suspicious behavior: EnumeratesProcesses  16 IoCs
- pid 5116, msedge.exe
- pid 5116, msedge.exe
- pid 4928, msedge.exe
- pid 4928, msedge.exe
- pid 1624, identity_helper.exe
- pid 1624, identity_helper.exe
- pid 5000, msedge.exe
- pid 5000, msedge.exe
- pid 5916, msedge.exe
- pid 5916, msedge.exe
- pid 5768, msedge.exe
- pid 5768, msedge.exe
- pid 5572, msedge.exe
- pid 5572, msedge.exe
- pid 5572, msedge.exe
- pid 5572, msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Suspicious use of AdjustPrivilegeToken  2 IoCs
- Token: 33 (pid 4060, AUDIODG.EXE)
- Token: SeIncBasePriorityPrivilege (pid 4060, AUDIODG.EXE)
Suspicious use of FindShellTrayWindow 54 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://theannoyingsite.com
  PID: 4928
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
    PID: 4580
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    PID: 436
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
    PID: 5116
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    PID: 4176
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 2700
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 1752
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    PID: 4532
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2088 /prefetch:8
    PID: 2888
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
    PID: 1204
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
    PID: 1624
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
    PID: 2608
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    PID: 1588
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    PID: 4332
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    PID: 512
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    PID: 224
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6356 /prefetch:8
    PID: 5000
    Signatures:
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
    PID: 5168
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
    PID: 5176
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
    PID: 5184
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7972 /prefetch:8
    PID: 5896
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
    PID: 5904
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7784 /prefetch:8
    PID: 5916
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
    PID: 5928
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8612 /prefetch:8
    PID: 5768
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7428 /prefetch:2
    PID: 5572
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
    PID: 5072
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
    PID: 1184
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=1048 /prefetch:8
    PID: 4108
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2052,2830813528197523939,1108974672609865593,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5148 /prefetch:6
    PID: 5852
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4036
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2608
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x514 0x51c
  PID: 4060
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
  PID: 4992
Network
MITRE ATT&CK Enterprise v15
Downloads