Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-12-2024 02:23

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://shanghaidaily4d.com/RET/TRG/SOR/
Resource: win10v2004-20241007-en

General

Target: https://shanghaidaily4d.com/RET/TRG/SOR/
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (7 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
pid | Process
3660 | msedge.exe (2 events)
3028 | msedge.exe (2 events)
4700 | identity_helper.exe (2 events)
2164 | msedge.exe (1 event)
7052 | msedge.exe (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (29 IoCs)
pid | Process
3028 | msedge.exe (all 29 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
3028 | msedge.exe (all 25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3028 | msedge.exe (all 24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
Distinct rows (64 events in total; each row occurs repeatedly):
description | pid | Process | procid_target
PID 3028 wrote to memory of 1388 | 3028 | msedge.exe | 83
PID 3028 wrote to memory of 4456 | 3028 | msedge.exe | 84
PID 3028 wrote to memory of 3660 | 3028 | msedge.exe | 85
PID 3028 wrote to memory of 432 | 3028 | msedge.exe | 86
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shanghaidaily4d.com/RET/TRG/SOR/
PID: 3028
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72d046f8,0x7ffe72d04708,0x7ffe72d04718
  PID: 1388

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  PID: 4456

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  PID: 3660
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  PID: 432

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  PID: 4048

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  PID: 4488

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  PID: 4584

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  PID: 4700
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  PID: 2384

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  PID: 4664

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  PID: 516

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  PID: 4568

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  PID: 1656

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  PID: 2792

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  PID: 4932

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  PID: 2700

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6332 /prefetch:8
  PID: 2164
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  PID: 5204

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  PID: 5236

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  PID: 5324

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  PID: 5404

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  PID: 5524

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  PID: 5668

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  PID: 5880

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  PID: 6000

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  PID: 6008

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  PID: 5132

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  PID: 5200

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  PID: 5656

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
  PID: 5664

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
  PID: 5756

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7320 /prefetch:8
  PID: 6160

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  PID: 6524

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  PID: 6648

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
  PID: 6792

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  PID: 6980

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
  PID: 6644

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8884 /prefetch:2
  PID: 7052
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4964

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2992

C:\Windows\system32\AUDIODG.EXE 0x244 0x3c4
PID: 6204
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5899da.TMP
Filesize: 48B