Analysis

max time kernel: 57s
max time network: 61s
platform: windows10-2004_x64
resource: win10v2004-20250619-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 18:53

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://i-print.net
Resource: win10v2004-20250619-en

General

Target: http://i-print.net

Malware Config

Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959560557077084" (msedge.exe)
Modifies registry class (10 IoCs)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{AC32B3FE-B5A8-4B32-B746-4E8424A08759} (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 (msedge.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" (msedge.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children (msedge.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{EA3F8A02-D49A-46DC-9F56-7C5C8FB91DC6} (msedge.exe)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children (msedge.exe)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
- pid 3140, msedge.exe (9 identical entries)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
- Token: 33, pid 5656, AUDIODG.EXE
- Token: SeIncBasePriorityPrivilege, pid 5656, AUDIODG.EXE
Suspicious use of FindShellTrayWindow (10 IoCs)
- pid 3140, msedge.exe (10 identical entries)
Suspicious use of SendNotifyMessage (8 IoCs)
- pid 3140, msedge.exe (8 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries have pid 3140 (msedge.exe) as the writing process; grouped by target process:
- PID 3140 wrote to memory of 2600, procid_target 86 (2 entries)
- PID 3140 wrote to memory of 3400, procid_target 87 (2 entries)
- PID 3140 wrote to memory of 3888, procid_target 88 (51 entries)
- PID 3140 wrote to memory of 1728, procid_target 89 (9 entries)
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://i-print.net
  PID: 3140
  Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x33c,0x7ffeea39f208,0x7ffeea39f214,0x7ffeea39f220
    PID: 2600
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 3400
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2212,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:2
    PID: 3888
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:8
    PID: 1728
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
    PID: 1880
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
    PID: 2892
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4176,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
    PID: 3184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4224,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:2
    PID: 2088
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3488,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:8
    PID: 2868
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
    PID: 3136
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5460,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
    PID: 332
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5092,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
    PID: 3612
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
    PID: 4492
  - "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
    PID: 5084
  - "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
    PID: 5008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3940,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
    PID: 2840
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5988,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:1
    PID: 4084
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8
    PID: 464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
    PID: 1904
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:8
    PID: 3968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6736,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:8
    PID: 4392
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:8
    PID: 5060
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
    PID: 5064
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
    PID: 5264
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6780,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:1
    PID: 5512
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5224,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:1
    PID: 5880
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationServiceBroker --lang=en-US --service-sandbox-type=mf_cdm --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
    PID: 6044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7456,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=7472 /prefetch:8
    PID: 5228
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7452,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:8
    PID: 4736
    Signatures:
    - Modifies registry class
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7576,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
    PID: 5432
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:8
    PID: 5172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
    PID: 2492
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6964,i,15906566562350014877,4934374244289893220,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
    PID: 5236
- "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
  PID: 3464
- C:\Windows\system32\AUDIODG.EXE 0x508 0x340
  PID: 5656
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
Network

MITRE ATT&CK Enterprise v16
Downloads

- Filesize: 280B
  MD5: 4a992a10640d6344e7745700db853422
  SHA1: 0cb44e7aa71bbda1d7211c9b5f7d18bb41fba0aa
  SHA256: 0bfcbf1f3cbd91c4315a06aeba4be45111ba1ab56b6727ef0c76d2866678ba74
  SHA512: 16526072c8dba67b2e34d6e3860b950d5e9716d9c4de3d350b24bb2a973b219ccdfb7aa24df491eb371d135b5eb3101f5ca6efe4926c662737f166b0bdf84701

- Filesize: 280B
  MD5: 8ebbabd70d90d3ae259730e802909d89
  SHA1: 5cad6856c4af65a1865863d0ee02d3ba0f7abc11
  SHA256: 9942fb8a1a2999eaab60c301d85d17b489e324f0ff97ed72392c53f7250e3fce
  SHA512: 3caa44a010ebc67051b7b1f14a94d20e02090e67294ee07a0ef7651d1abbc0eebc3e6e7f19ad7479fdb731a08718357a74c8c5e70fb1a9d95bbdedff2e75c7d3

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: b65464cab66430775282c7dde8053097
  SHA1: 051b780364961a9336dcd2f3e8d6b87a4b9b359c
  SHA256: 25c6a5992471dd79d30d9377ea8f7d23795a6e13125c9bc14f0472c9fadb900d
  SHA512: a467fc3a8f0b0f19f84438a0ca4aa5b3be2faaf6617fa7e921654661bc272a038b6a905765be9c50545d53a19376f582ad8c36d2cf03fc61557c3bfe1c6e2616

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58fc8b.TMP
  Filesize: 3KB
  MD5: 4cae093c5a206589fb5e1436ef6b0fe3
  SHA1: 4273adf58b666c511f68d28102d2af8c80d8a97d
  SHA256: 70e4bf9c9c79196f2c31746c2a66c6574f0e94275928f0ed2cec45f6ca766292
  SHA512: 7ce0755caa98be27cd5d59ecfb59bab9d0d61a265af169822bef6825e7a46c8af0d7d400a4bda9a94a1479cd780a78012b6e5d77c67552cb817602e315e6819a

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

- Filesize: 69KB
  MD5: 164a788f50529fc93a6077e50675c617
  SHA1: c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
  SHA256: b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
  SHA512: ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
  Filesize: 9KB
  MD5: 3d20584f7f6c8eac79e17cca4207fb79
  SHA1: 3c16dcc27ae52431c8cdd92fbaab0341524d3092
  SHA256: 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
  SHA512: 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

- Filesize: 108KB
  MD5: 06d55006c2dec078a94558b85ae01aef
  SHA1: 6a9b33e794b38153f67d433b30ac2a7cf66761e6
  SHA256: 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
  SHA512: ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 14KB
  MD5: c9ca170eb3c81784d8951dd3e093e727
  SHA1: 3f401c75b9d59d195ec80469c8fd65210e19145f
  SHA256: 42d7b0f3101005994e2f23bbcbc56ed88033230a422ae7a5db3891374da97ca9
  SHA512: bd53394742549836a8a5c2014173edf7ed2da461b30dbd1f0f7d6c199f738d96fe5129810566a90ebbd6f36f499308201c804e42fb1140e5524614c2076cf705

- Filesize: 36KB
  MD5: 34274766c339eb47f09e1a12efe800ae
  SHA1: fe1421f7e32aaff76df13d3e52cb0455c7ed21cc
  SHA256: 28229ad8c5deac82e0abfbfda052cc4004c4adf93758a0a5b33d77335d86f70d
  SHA512: 31a3a50367bf951b9d5010e8205b53671566d66a9ad560a15a5c0d40be1d0be3e96ca3a7f6ced66e2e81eafe3553748df35d977913293559945a3948bcb90163

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 3193877894aebdd76d235597d810e822
  SHA1: 5eb85c6dc8ca68a7727f8227f35c5971cdf54a36
  SHA256: 1f68b8171f47af026d79c8c359bb1ad1c8d8ad1dc4b49e08292f6874f3ccb3fb
  SHA512: 6a5aedfb173e3e081c9d3322dc887545e749369b199494dd5c04ed38dc69b8b762991ff3c1da08740352287ab6b7a14aa3d57633d8ceb6fb03e2775ca25c3f6c

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590016.TMP
  Filesize: 48B
  MD5: 8ac7363148d8599f4bc6588746d0a03b
  SHA1: 22e6b59964b48abfc5300b1de492c7d9eb68e51e
  SHA256: abb3f7466f791db476bfc955a246fbf88b6a6dfdbdf5bfe45931f5faeefc58b5
  SHA512: aa00d4760ef271006f27e6ed39d84e56983b9e26c6491ab560de741b8ef6e932d5fe04aff9239f2d290cf287a8cc75015745a747ee186035dc3738512c93c4eb

- Filesize: 4KB
  MD5: 8b97366b30e4392c3d948daefba10b68
  SHA1: 34212fb89589de8c54c3d5b11a68c9262e973f1a
  SHA256: cd937054748e999fc78c8f17e10a790c6e4d0257e354c0f1dd5b28687f3aca73
  SHA512: 88de59b6a312bed0756f2a02702a0a6d677a184ab625a77d167f09c620e5a59d0d2ddff8da9540e2d872a6780e17cab8bd9fd23ffed46bc3c5525a10497cee27

- Filesize: 28KB
  MD5: 8a901c08c6aa0fbb03b2be7d3e844532
  SHA1: 15efe2e8b354674e9755b11a276bb0d4ce400745
  SHA256: 6914968cb16e362da4b60a8ff3d9a3ecf932ad9178664f71584328fded50702e
  SHA512: ca1ee122bb021c0d98b6a8ca17603f42f3c3c9072a2f4d0caebd70dfb7e3e6cf293f32aff727076632b184bdc63ed82dd0e22f264b6ba0cf30df7622bc931bc3

- Filesize: 7KB
  MD5: 47177c0f06b91c508a131cf25b2a87ea
  SHA1: e7c12214f64952f29ae150e0e53fea92aa10c01b
  SHA256: 54e806d22de168a67448d65e1b496172149ded82f088711b41db3f7b6da72f14
  SHA512: 2826e3bcbf605def76f6c51eb6a0520a860fe065cc805c707acad75bae4d4a26957f30ea9d0a9e8ec9e69b47398e63c7b394e7fe2645524a0928d9335c904ad5

- Filesize: 7KB
  MD5: ec80f9c0c91406fc58120c576430d59b
  SHA1: c5e50462c9e26601e687142ba1258745c3b919f4
  SHA256: 73169d241deb6e2be3e589f7042a4c10b44ff12205b92020ee1b28b7bc68fb3a
  SHA512: 9be4c95e24039d839ed4b718ca23635029948b6f21c1fb38b943307537d807657d7eeb2ae079970321732ba6eb287ffd2777e319c03962ec5f75796a8d6d9d8f

- Filesize: 392B
  MD5: 36c813e62535c2e6a2706b9397892ec4
  SHA1: 9164305974c0530f115e82ff40a7d85426f296cb
  SHA256: 6a868b6fec01b9afea04e6324371cfbb617f6ce9063d6436b70cc33e5794878a
  SHA512: 6f7ea56c5d46f6318147fd1a4b3b8a0062a7af896345434e76ee3d2577ac4063f89c9653d9bb72e2c0b57a7abeb4b1fa003d9a8268c72d0bcca4a4d66084d30e

- Filesize: 392B
  MD5: f5ff694ca3855564652fb9ebc2cec60b
  SHA1: ad3fe07f3b7731c9bc6e4e98580ef65e8a793ba4
  SHA256: 1bf3926c2ccb9541e56c52fba39c6e40fb392082c8d3143d2895e1f6e178ded6
  SHA512: 50a8d6ac61d87d1fb3768fa1e72b971619c3081c38b579a6dbb74d8d451a31bb691ea6d24eb66b50177878d8454c43eb38d08af2bff4347cfb713837322bd6f9

- C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
  Filesize: 2KB
  MD5: 261c43b7b46e4830296a811cc0b9937c
  SHA1: 1634919f179268d73334a6a57900121a194c4cfc
  SHA256: 4fe9415d8cf0daa93c93b804f61a13cb6f2916e0ca8263561e14af15246e8c0b
  SHA512: 2ad2fba28cca4a933777d1e41c8ae364f4b44334c26bb981a7979a92ce8de9ddbd2a0a7adce27bcf18b24d277df6f4cae9d58c74392d10c58f93b2511176b29c

- Filesize: 1B
  MD5: 5058f1af8388633f609cadb75a75dc9d
  SHA1: 3a52ce780950d4d969792a2559cd519d7ee8c727
  SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
  SHA512: 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

- Filesize: 10KB
  MD5: 78e47dda17341bed7be45dccfd89ac87
  SHA1: 1afde30e46997452d11e4a2adbbf35cce7a1404f
  SHA256: 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
  SHA512: 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

- Filesize: 156KB
  MD5: b384b2c8acf11d0ca778ea05a710bc01
  SHA1: 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
  SHA256: 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
  SHA512: 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be