Analysis

max time kernel: 149s
max time network: 151s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01-11-2024 18:11
Static task: static1
Behavioral task: behavioral1
Sample: game.html
Resource: win11-20241007-en

General

Target: game.html
Size: 7KB
MD5: 547be3d83a9c4cdbac5ffb541eead71a
SHA1: 4503681d371f96fbd626b46b665e36f88c1ddf67
SHA256: c4f02ba5d51fa4b73709b12a8b75c495bdebeace9fa61a208bfae999ad5c35aa
SHA512: f4d7d60761c61dd8e0aeacc08bf34f5e4a594414f7f68431501c3e09f1934a07e0412e90e18b1d20e323bdc857b3e752fdb53eadf5ec89b451b5c01bd23450fb
SSDEEP: 96:PNybXaotqEb0EZ2W87I4XfXdXSOdjWwYT9Tk0smEQ3NzoNlxmaid/CX0fBF0E6N2:PN2x2BpPtCOdjKT913NzoNmd9Ba9yZN
Malware Config

Signatures

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses  (12 IoCs)
  pid   process              entries
  5028  msedge.exe           2
  2884  msedge.exe           2
  3452  msedge.exe           2
  2212  identity_helper.exe  2
  5888  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (20 IoCs)
  pid   process     entries
  2884  msedge.exe  20

Suspicious use of AdjustPrivilegeToken  (2 IoCs)
  description                        pid   process
  Token: 33                          1544  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1544  AUDIODG.EXE

Suspicious use of FindShellTrayWindow  (25 IoCs)
  pid   process     entries
  2884  msedge.exe  25

Suspicious use of SendNotifyMessage  (12 IoCs)
  pid   process     entries
  2884  msedge.exe  12

Suspicious use of WriteProcessMemory  (64 IoCs)
  Source PID 2884 (msedge.exe) wrote to the memory of its child msedge.exe processes 712, 1276, 5028 and 2516; the report lists 64 entries in that order, each of the form "PID 2884 wrote to memory of <target>  2884 msedge.exe  <target> msedge.exe".
Processes

Each entry gives the PID and the full command line (the image path is the first token). Children are indented under their parent; the signatures raised on a process are listed beneath it.

PID 2884  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\game.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 712  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff160e3cb8,0x7fff160e3cc8,0x7fff160e3cd8

    PID 1276  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

    PID 5028  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 2516  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

    PID 2624  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

    PID 2504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

    PID 3452  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 2212  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 5104  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

    PID 4652  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

    PID 1428  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

    PID 4208  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

    PID 704  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

    PID 384  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

    PID 544  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

    PID 1508  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

    PID 4400  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

    PID 3012  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3200 /prefetch:8

    PID 704  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

    PID 4552  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

    PID 564  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

    PID 3032  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=984 /prefetch:1

    PID 3084  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

    PID 6088  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4996 /prefetch:8

    PID 5204  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

    PID 5212  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

    PID 4616  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

    PID 1444  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

    PID 5888  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,16089680723618117503,11157568614255479127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7340 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

PID 2216  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4284  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3536  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1544  C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
  - Suspicious use of AdjustPrivilegeToken

PID 2628  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
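A structural triage pass over the process tree above, added here as an example and not part of the sandbox report. Every "suspicious" signature in this report is raised on PID 2884, the Edge browser process, and each describes something a Chromium browser process does as a matter of course: it writes into the address space of the children it launches (the WriteProcessMemory entries all target 712, 1276, 5028 and 2516, its own child processes), it creates those children with the block-non-Microsoft-binaries process mitigation applied (which is what the NtCreateUserProcessBlockNonMicrosoftBinary signature records), and it walks the process list and shell tray window while managing them. Nothing outside the Edge tree was spawned by it; CompPkgSrv.exe, AUDIODG.EXE and svchost.exe sit at the top level of the report. The questions worth asking are therefore structural, and the script asks them: which document the browser was told to open, whether every child of the browser is an Edge binary out of the Edge install directory, which utility processes run with --service-sandbox-type=none, and whether a GPU process was started with --disable-gpu-sandbox (PID 5888 here, together with --use-gl=disabled, which is typical of a VM without GPU acceleration). The process records are transcribed from the report with the long --gpu-preferences and --field-trial-handle values left out; parent PIDs are inferred from the tree depth, which the report draws but does not print as numbers.

```python
"""Structural triage of the Edge process tree from a sandbox report.

Added example, not part of the report. PROCESSES is transcribed from the
process list above with the long --gpu-preferences and --field-trial-handle
values left out; parent PIDs are inferred from the tree depth the report
draws (children of 2884 are indented under it), since it does not print them.
"""
import ntpath
import re
from collections import Counter

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
EDGE_EXE = '"' + EDGE_DIR + r'\msedge.exe"'
EDGE_CHILD_IMAGES = {"msedge.exe", "identity_helper.exe"}

# (pid, parent pid, image path, command line); parent 0 = top of the tree
PROCESSES = [
    (2884, 0, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + r" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\game.html"),
    (712, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (1276, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=gpu-process --mojo-platform-channel-handle=1940 /prefetch:2"),
    (5028, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US"
                " --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3"),
    (2516, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US"
                " --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8"),
    (2624, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=renderer --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3184 /prefetch:1"),
    (2504, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=renderer --lang=en-US --renderer-client-id=5 --mojo-platform-channel-handle=3192 /prefetch:1"),
    (3452, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US"
                " --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8"),
    (2212, 2884, EDGE_DIR + r"\90.0.818.66\identity_helper.exe",
     '"' + EDGE_DIR + r'\90.0.818.66\identity_helper.exe" --type=utility'
     " --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US"
     " --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8"),
    (3012, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US"
                " --service-sandbox-type=audio --mojo-platform-channel-handle=3200 /prefetch:8"),
    (5888, 2884, EDGE_DIR + r"\msedge.exe",
     EDGE_EXE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318"
                " --gpu-device-id=140 --mojo-platform-channel-handle=7340 /prefetch:2"),
    (2216, 0, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (1544, 0, r"C:\Windows\system32\AUDIODG.EXE",
     r"C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8"),
    (2628, 0, r"C:\Windows\system32\svchost.exe",
     r"C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc"),
]


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted spans whole."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_flags(cmdline):
    """Return ({'--flag': value or None}, [positional args]) for the tokens after the image."""
    flags, positional = {}, []
    for tok in tokenize(cmdline)[1:]:
        if tok.startswith("--"):
            key, sep, value = tok.partition("=")
            flags[key] = value if sep else None
        else:
            positional.append(tok)
    return flags, positional


def role_of(flags):
    """Chromium process role from --type / --utility-sub-type; no --type means the browser."""
    ptype = flags.get("--type")
    if ptype is None:
        return "browser"
    if ptype == "utility":
        return "utility:" + (flags.get("--utility-sub-type") or "unknown")
    return ptype


def triage(processes):
    roles = Counter()
    report = {"opened": None, "roles": roles, "unsandboxed_utilities": [],
              "gpu_without_sandbox": [], "unexpected_children": [], "non_edge_roots": []}
    edge_pids = {pid for pid, _, image, _ in processes if image.lower().startswith(EDGE_DIR.lower())}
    for pid, ppid, image, cmdline in processes:
        if ppid in edge_pids:
            # Edge spawns only its own binaries out of its install directory; anything
            # else under the browser tree is the first thing to look at.
            if (ntpath.basename(image).lower() not in EDGE_CHILD_IMAGES
                    or not image.lower().startswith(EDGE_DIR.lower())):
                report["unexpected_children"].append((pid, image))
                continue
        elif pid not in edge_pids:
            # Top-level processes the report lists beside the browser, not under it.
            report["non_edge_roots"].append((pid, ntpath.basename(image)))
            continue
        flags, positional = parse_flags(cmdline)
        role = role_of(flags)
        roles[role] += 1
        if role == "browser" and positional:
            report["opened"] = positional[-1]          # the document Edge was launched on
        if role.startswith("utility:") and flags.get("--service-sandbox-type") == "none":
            report["unsandboxed_utilities"].append((pid, role.split(":", 1)[1]))
        if role == "gpu-process" and "--disable-gpu-sandbox" in flags:
            report["gpu_without_sandbox"].append(pid)
    return report


if __name__ == "__main__":
    for key, value in triage(PROCESSES).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The unsandboxed utilities it reports (network, UtilWin, WinrtAppId) are all launched that way by Edge itself, so on their own they are not findings; the check earns its keep on the day a child under the browser is not an Edge binary, or a renderer is missing the sandbox flags it normally carries.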
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: e9a2c784e6d797d91d4b8612e14d51bd
SHA1: 25e2b07c396ee82e4404af09424f747fc05f04c2
SHA256: 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512: fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Filesize: 152B
MD5: 1fc959921446fa3ab5813f75ca4d0235
SHA1: 0aeef3ba7ba2aa1f725fca09432d384b06995e2a
SHA256: 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
SHA512: 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Filesize: 103KB
MD5: f2dcbb1f3153e72e5f9335a4776bb51d
SHA1: fcf76e5002b9aa519906913f3ec493fb7affa3e1
SHA256: 2be16e2098f1c7f123d123adab5c763061ddd3db74fcdff7e77299267d4bd1bf
SHA512: 0f9510cd8fe090ccc0ea7c60105b56147cb6f11d9726d1775cdf298c8d131f103b6d0cd71502ca1c72646020a067cd2b9e6fb41d18431a57dc86a8a1688b3afb

Filesize: 51KB
MD5: 588ee33c26fe83cb97ca65e3c66b2e87
SHA1: 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256: bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512: 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Filesize: 3KB
MD5: b63b2fadc9610c43f908b371ae74fe09
SHA1: c68913d2d2259ab69e8492c412f8d4b276943eca
SHA256: 3e159ad46d43377dc7f316eb71860a48bdbe051759d82c8d280896bc30c46570
SHA512: d7822d2c15b75725df2ecdfb7094971cf5d84412ce5f528167e3c3f86a79ed6cb02e66012e51f4c9c5fad72ea86248ce25a5fdca0f3dfcf0606bb7149204e9ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
MD5: f6f8f838fe922e3254ceb77c68fb5e1c
SHA1: 65b40e51f19bdcc0b3405319bec61ab460d4d58d
SHA256: d74ef03c5d9eb209e8691e571b38fafcd2627c773deee72027a5722903d928a7
SHA512: d3a8c5b08399794d805fe1e7458e49b9a08a1ae479f07ebe6c6d31b77345060f46352664a143ce88374bc7135254cf45efbcbed22833386d3b45e5dce3acf12e

Filesize: 4KB
MD5: 27e85c3da12157f42e729ba39e4d9b2f
SHA1: 427315ff7242c4b29f82c8efe1658adb2198d787
SHA256: 337f73fedb757000a0458165bc4e72b3ec101834b7a0fac57284ff61e947447c
SHA512: c8a5b045005068ff273763168f322ae7fa77ae2759348830ef3726ba16984b4e5d8cefcfaf3ec7abbd507d5743e9f0b41522817d108b32451e1f5f3150e79ca8

Filesize: 5KB
MD5: 97d082cfbd87cdf12ff6407e39480dd2
SHA1: 3d48bd8774b651f5b38442781c7f2bf410dbeff0
SHA256: 1488b4f39566e2f1e7f5bdaee19f444a578f472105b3d4d13d04ffbe69225dd0
SHA512: 981adb11ab29cd894f386339b0a9f1f2929ec66fca2480e080ea8d7aa229c5e87379b2e364c580843dc019519787e2c078586bf1aecd8ad71a6847e9c1c0c9f1

Filesize: 7KB
MD5: 7d60368cff204f547d073c0e91439579
SHA1: cd33d2dd29cea23cbed4f3d74785703df4cc4307
SHA256: 5c9ccabb4ef3b47f022c9689129f05cf5b55c81f18565721f31d5f730c9a387c
SHA512: d86525212c15f0144de7a6925a3fd7f6fe9895bee9747a09318c1f302903597d7399b12826375b739c5783b9ebd8d46b6155ec81a914f0bfa4fec7e3bb85e441

Filesize: 5KB
MD5: c1a0e3044dbe27ee18ed407665b2ee63
SHA1: 41c86a987466cda889aef8c3773734e6a18bd009
SHA256: f19b3753cff9193c1bb071385c14bb250fde69ed05be86deeb3f233a5f7c95a4
SHA512: 09fcf88a1b3511bd92e18627d21b59f406d748f95cb5746ced2a3715ac13b1ed20f4a7c6c1102ddd13bd4b8b470ca2d3cb4409bd33eca361fc34d4332d7daea1

Filesize: 6KB
MD5: 9b4b4323d00c0fb40fa3a2eaf96ea988
SHA1: 51cf58a6a4117680558651431a9195b6d2a17c42
SHA256: 442d644f2820771db96e6eba44ef7a2c6c4265d78ce3f84f2834365d3f21ec3f
SHA512: f7a5bf60b170655d72a035078c2d342b8db7a1b4c841035ef79aabd2ad9e827b8617d14cd7c14ff5f64175c52616b3cd2ce7ebf27a3150d88d5b84b143341f8c

Filesize: 7KB
MD5: 665d735c4090aec3e222dba6fa684a21
SHA1: 8a428d65405d77bc24b757a623cab72be3ba3ffe
SHA256: 00261a71bd530798988c4c479cd6c979a5147f260b434e3953159fd096f66a49
SHA512: bc4ef04c11acd4721f162117504532244157377ad1cca529a5fdb1719c8aa6178548a985f63904453665b74b3ba2f0bb07dfce27f77bd7b0950110a758a9c821

Filesize: 9KB
MD5: b013a7a98d4f058ee38b300abcc70e25
SHA1: 770cb04ca225f8bbbf84ae8c5369dbe3eaefe0f1
SHA256: 7fc17e28a4939c523507c3d0e6423a1f18723391b98a4230cbc61d35e4ad00df
SHA512: d75c88aa5e133bbadfc6180e376c05e76e61d8527910d0b05e3e3d56daa7fcf8cb5fec472e659a250209182ebbb6c5aba6b838afaed60e386baa9445a7abdc1e

Filesize: 7KB
MD5: 5166ca87feb77cdeb5854dcd75c0654d
SHA1: a4e6bf5ef4793152a8fdf1ede01fb8972f81b590
SHA256: 0bd308c15f5e1679a05df41575a3b37b9982223fcf1775ff4229f0aa87532051
SHA512: fc61d8d33fcd0e15e5624088b18dc34f93aab9c653885d2557d61b5b8e1a5178e7f97144bfff2a3d25526d7f72e4049afc4bac9fc797d396d1e4bdbd8cb8c806

Filesize: 6KB
MD5: 438b47b559bc214c8144d4e2188d4674
SHA1: 695fc047fcc8065e564143989b95214577bacf2b
SHA256: 404a97c11540d6708d6b800508266d7292556ec140f3a0b5aa78e99f78cb2bf3
SHA512: 46168ef2d7837af59312d4bcd15aeb20dd1de406cf042bf9d31ba8a6f1e28804e17fe926b198bcf69f63e97713078a2e295d13996854b7bb75c0e16bafe913da

Filesize: 7KB
MD5: 49a5cd5e2cf7fc71f94dd8f13a2dd41b
SHA1: 768e21bbf07ec961283c18d2061ccdbeeaf8368d
SHA256: e8db7f5c26bb62c22cac92808434d5cfff8b47ddd07f1881129dad0fddcbb046
SHA512: 2b979f4e04df6b592829b4eddbd1a44799bd42b9584fd7afa4c739cfdf8907cbd4e64bcfb1b1a1e278ffcb39fa66ac3282e36354f75eb758979d0945cff6b2ab

Filesize: 10KB
MD5: c1e09c9c4fbdf64c4aac2b8a3cd8b1f4
SHA1: 08086c2bae6ef8d6ee8394c07a44b99766ed3ead
SHA256: ae882d5eb151b5d7b26a83301d961a3987fd91ed2bbd0f1655129934df44e437
SHA512: 6aae68078e60c6d90a7242473af5382cca4bb0a26f49f3d43f4d089738c9e3a5e8e161762fd76393a01938b47873a9830b023dae8b4416efefa791ba7c0b1154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
Filesize: 35B
MD5: 343859b4ad03856a60d076c8cd8f22c3
SHA1: 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256: 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512: 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe58343a.TMP
Filesize: 99B
MD5: ce72214abfce9fcbafd16990aedc75e2
SHA1: 64a1b8f651ffbd48c505a786d1c95a3270e7e0a6
SHA256: 7d7e98e9ebba9528836c4abea7d5b830b118f63eaaa758dbd7e223fa3000b7fd
SHA512: e64f58d163d9282c61d15798963a8cc6df6e3ff0d0ce5b6781dbd6272dfe44626051656721bd28561b710b14dd2d869989439dbc2e43055db5ae974d5d710aee

Filesize: 2KB
MD5: 1e8d942ec212d24208ab833beceb7000
SHA1: 1841ed9c528dacea05bb2cef83e0d9bfc64c831c
SHA256: 94e1c5a8823c9dcfd2674447ea2814102c5d68160b96b39b4f4dcf4a95647a43
SHA512: a49b66a7c13322ce9e081720a69635a4893b8535f37e4d165c068f32446d4d28aa014b98a4997381c48307b4a7f2c40e7e10a3dbad036956ccd36906f3d010f4

Filesize: 3KB
MD5: 3a757bda124336b72b33002a1cae3563
SHA1: 36a02728598e50b9ebee702588ed98fad495b656
SHA256: 2c8928961d6ce4ed169b1b8bad90c254f6de57877962060b70127de6cf58acd7
SHA512: 5338f0d3888b8d8674069757a6cc5eca3bf35a7771d8ed1520b173b6dd734f56710f504b3c4fd305d6bdefddf3e9d9872e2645b2e6c3464c07240300145b5904

Filesize: 1KB
MD5: b232c03a3b1349452ef6efdc7a3a46a4
SHA1: 70bb170e28b0b13138f0ee328652f3fe59e2c502
SHA256: 03a70af238058dcebfe15a90d3d1aee3827dbc63720e6774c55bcf6a464f7013
SHA512: 991c3f134dac5617d59567198b9e2768243b28d13f6216e9d5cfd00b1cb6f10c3254fe41922f8bcba4c9fdb2ea73ae035842bba5dffb3cbb2453e0049a81390d

Filesize: 3KB
MD5: 9e00a703c14e3099a66d3911777a6c10
SHA1: 0cd87757109ec8c5060939f232ffb5375ea3d691
SHA256: 4da68a570650adaa9bb9ee718ae49f085e688e986665b6ba3939b2d6ec86f98a
SHA512: 1770b932e23cdd2f19c291b27df1025c041f3f4fa6a185221842e2ed72ea898f2c7d577cb8a9c0e5a246ee96ffe14ea6335c124c7a3033cb940034256fbe3111

Filesize: 3KB
MD5: 6336de40f928db439e0a307f988f58e7
SHA1: 678df2eb454cff1614f5bfd40b7907e194a083aa
SHA256: 65327d9082df72a668bddd06a7b47ee2eab911f81606d685f20491d4f6b486d5
SHA512: e81ac05c6d23f07af5e518d7053e9c1f4cddeaa7fe9ecf3729128c6e94c53c06b3add9ae8d691f9fa9ae17eee80e8bfe9f32aabb71cde9bf23d9f7b22dd9dab1

Filesize: 3KB
MD5: fc9357ff8c78d14c40340ea2e6f21288
SHA1: 6a707cbd3b3eca3921a3ab21cf13338266c34c59
SHA256: bdf0c8f3584bd14789d0ca9656833126ff966ff0a86a945f8873d633e0aa4215
SHA512: a0b684e756d5c558587d7f55c1a1df18ddf1b796edf9e8b2358f045f8e76af5c6c8aab2536dc23f900a71417d1759522c838a6af779def62bebf8bf75b05f5e6

Filesize: 3KB
MD5: 5f1d16c478ea4d4bdbb4c2c193dbdbab
SHA1: a85a1667e99155980d7d3a4aa0c67678238af0f9
SHA256: e07e48c97e225f85f500cbc3468f2e29e27df680e03121fc9c59e5f1d527b9fd
SHA512: 65219154f507670db569450e940f772d2c39b528604fcf465edfdf13ce83a4d415b40fc3e76ec4d822ab42a8b10eae4929283044491c702022dcc4c7dc67a6b9

Filesize: 3KB
MD5: 364ff9155c371ab9375a1ea8149a9737
SHA1: 020a59f4208a7dfbf90b1181221c7874ccf49a5d
SHA256: 4fc96c17f9c0d72ec3c68a1b09040bb7dc278bbd03b98665223962387bd58fd1
SHA512: c18e725b6530920847888352d578c44b61c2ae18da730bc97b158c05326b9fd8d27a8fb722b5f55653363332d9cfef3b6e87050398fa2ee395a19a388665be9a

Filesize: 873B
MD5: 45f83aa6130da7ca20c64c8f883bcdb1
SHA1: e6c56ea62804fa76b6933dcbadb60938d57e60b9
SHA256: 75e8950525c1a764a592ab3c56a5d736ca994795064409cb514f9b2027d9de6e
SHA512: 96ec21caaba9990496b50e6ecc719cc01a5252612d1959945d3e99a6f0319bf00a97ef2d5c1b6a7883cbe3f5ca29787ce17522fc593711ece783bdbda84ef8c5

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 4eb592da6f6ad4c4be25477453a3de8f
SHA1: 18ceb5fe23fd4081ef476ad562719ee00dfefd6e
SHA256: baf959b0c291a57670bf58e958cba356b73df995d57e1a833e417ce921e7c4ab
SHA512: f4d562a074f5647c74ac571fb7ed90ee4e44c1792764128513f91f728dd94cbd4c4bf7bb36dafa2c0d394eb5d83c0cd650e9a0ad857e882180c6554bb04863bf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 14KB
MD5: 530a84d6e29662ba69d417548157dd38
SHA1: 187390df95db27121a6f4b92e5a5a85e97dd05dd
SHA256: b335e4324a3308ab8926c1585b23b07e192f139bf2c4390e8343fc35dcc6d94f
SHA512: 30f2fe0cee45b94fdd4ed557df884303eaa01f92d731c1a441b0d94c1ad9e16069915fbb3f2653928a6c7cc1496f0846d22d2489f55bbc1799832d3486415f26

MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(no size recorded; all four values are the digests of zero-length input, i.e. an empty file)
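The dropped-file records above are the kind of list that ends up pasted into a blocklist or a hunt query, so they are better parsed mechanically than by eye. The parser below is an added example and not part of the report. It reads records in the layout this kind of report produces (label and digest either fused, as in "MD5e9a2...", or separated by whitespace or a colon, and "Filesize" either on its own line or with its value), validates every digest by length, and flags a record whose digests are those of zero-length input, which is what the last record above is: an empty-file hash matches every empty file on every host, so it must not go into a blocklist. SAMPLE_RECORDS is constructed from three records in the Downloads section, deliberately mixing the layouts; the path-less records are left path-less because the report does not give their paths.

```python
"""Parse dropped-file hash records from a sandbox report and sanity-check them.

Added example, not part of the report. SAMPLE_RECORDS is constructed from
three records in the Downloads section above and deliberately mixes the
layouts such reports use: fused labels ("MD5e9a2..."), a "Filesize" line
with its value on the next line, and labels separated by a colon.
"""
import hashlib
import re

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-fA-F]+$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
# Digests of zero-length input, one per algorithm (computed, not hard-coded).
EMPTY_DIGESTS = {name: getattr(hashlib, name.lower())(b"").hexdigest() for name in HASH_LEN}

SAMPLE_RECORDS = r"""
Filesize
152B
MD5e9a2c784e6d797d91d4b8612e14d51bd
SHA125e2b07c396ee82e4404af09424f747fc05f04c2
SHA25618ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5f6f8f838fe922e3254ceb77c68fb5e1c
SHA165b40e51f19bdcc0b3405319bec61ab460d4d58d
SHA256d74ef03c5d9eb209e8691e571b38fafcd2627c773deee72027a5722903d928a7
SHA512d3a8c5b08399794d805fe1e7458e49b9a08a1ae479f07ebe6c6d31b77345060f46352664a143ce88374bc7135254cf45efbcbed22833386d3b45e5dce3acf12e
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def _after_label(line, label):
    """Text following a label, tolerating 'MD5x', 'MD5 x' and 'MD5: x'."""
    return line[len(label):].lstrip().lstrip(":").strip()


def parse_hash_line(line):
    """Return (algorithm, lowercase digest) or None.

    Labels are tried longest-first and the digest length must match the
    algorithm, so a fused SHA1 line whose digest starts with '256' is not
    misread as a SHA256 line.
    """
    for label in ("SHA512", "SHA256", "SHA1", "MD5"):
        if line.startswith(label):
            digest = _after_label(line, label)
            if HEX.match(digest) and len(digest) == HASH_LEN[label]:
                return label, digest.lower()
    return None


def parse_records(text):
    """Split the report text into one dict per dropped file."""
    records, cur, want_size = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if want_size:                      # value of a bare "Filesize" line
            cur["size"], want_size = line, False
            continue
        if not line or line == "-":        # record separator
            if cur:
                records.append(cur)
            cur = {}
            continue
        hit = parse_hash_line(line)
        if hit:
            cur[hit[0]] = hit[1]
        elif line.startswith("Filesize"):
            size = _after_label(line, "Filesize")
            if size:
                cur["size"] = size
            else:
                want_size = True
        elif WIN_PATH.match(line):
            cur["path"] = line
        else:
            cur.setdefault("unparsed", []).append(line)
    if cur:
        records.append(cur)
    return records


def is_empty_file(rec):
    """True when every digest in the record is the digest of zero bytes."""
    present = [alg for alg in HASH_LEN if alg in rec]
    return bool(present) and all(rec[alg] == EMPTY_DIGESTS[alg] for alg in present)


def check_record(rec):
    """List problems: missing algorithms, or digests that disagree about emptiness."""
    problems = [f"missing {alg}" for alg in HASH_LEN if alg not in rec]
    verdicts = {rec[alg] == EMPTY_DIGESTS[alg] for alg in HASH_LEN if alg in rec}
    if len(verdicts) > 1:
        problems.append("digests disagree: some match empty input and some do not")
    return problems


def blocklist_candidates(records):
    """SHA256 values worth shipping: records that have one and are not empty files."""
    return [r["SHA256"] for r in records if "SHA256" in r and not is_empty_file(r)]


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_RECORDS):
        where = rec.get("path", "(path not recorded)")
        flag = "  <- digests of an empty file" if is_empty_file(rec) else ""
        print(f"{rec.get('size', '?'):>6}  {rec.get('SHA256', '?')}  {where}{flag}")
```

The empty-input digests are computed with hashlib at import time rather than typed in, so the check cannot drift from the values it compares against; the length check is what keeps a fused "SHA1" line from being swallowed by the "SHA256" branch.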