Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.zupimage...

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/07/2023, 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.zupimages.net/up/23/28/o48m.png

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.zupimages.net/up/23/28/o48m.png
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb5ce46f8,0x7ffdb5ce4708,0x7ffdb5ce4718
      2⤵
        PID:3188
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:1908
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3724
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
          2⤵
            PID:3612
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:4256
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              2⤵
                PID:2832
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                2⤵
                  PID:4128
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                  2⤵
                    PID:2748
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                    2⤵
                      PID:3944
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                      2⤵
                        PID:844
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                        2⤵
                          PID:3916
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                          2⤵
                            PID:408
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
                            2⤵
                              PID:1500
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                              2⤵
                                PID:4652
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
                                2⤵
                                  PID:3888
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
                                  2⤵
                                    PID:1268
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:924
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
                                    2⤵
                                      PID:5240
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
                                      2⤵
                                        PID:5224
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
                                        2⤵
                                          PID:5216
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
                                          2⤵
                                            PID:5208
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
                                            2⤵
                                              PID:5200
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
                                              2⤵
                                                PID:5192
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
                                                2⤵
                                                  PID:5184
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
                                                  2⤵
                                                    PID:5176
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
                                                    2⤵
                                                      PID:5168
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
                                                      2⤵
                                                        PID:5160
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
                                                        2⤵
                                                          PID:5824
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
                                                          2⤵
                                                            PID:5816
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1
                                                            2⤵
                                                              PID:6068
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
                                                              2⤵
                                                                PID:6084
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
                                                                2⤵
                                                                  PID:816
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
                                                                  2⤵
                                                                    PID:3064
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
                                                                    2⤵
                                                                      PID:6220
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
                                                                      2⤵
                                                                        PID:6328
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
                                                                        2⤵
                                                                          PID:6408
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
                                                                          2⤵
                                                                            PID:6400
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1
                                                                            2⤵
                                                                              PID:6416
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10564 /prefetch:1
                                                                              2⤵
                                                                                PID:6480
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1
                                                                                2⤵
                                                                                  PID:6444
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10164 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6432
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6424
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6896
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11104 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6888
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
                                                                                          2⤵
                                                                                            PID:7128
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
                                                                                            2⤵
                                                                                              PID:7120
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                                                                              2⤵
                                                                                                PID:7592
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13788523248367033838,17462377523555910407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:4168
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:1504
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:4660

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v6

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                  Filesize

                                                                                                  152B

                                                                                                  MD5

                                                                                                  a7ad9bb1054aa03e39b3554833d0c3ec

                                                                                                  SHA1

                                                                                                  cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

                                                                                                  SHA256

                                                                                                  0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

                                                                                                  SHA512

                                                                                                  d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\85694421-d57d-4c53-8b49-fb552dd36ba3.tmp
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  82bc2b07e09d3e16963dc9de257932a7

                                                                                                  SHA1

                                                                                                  e3a1d9634a8381d2021268c0dc20e4d7e7af68ed

                                                                                                  SHA256

                                                                                                  80040638ae536936811a21b8ffa1b267cf3d169a83d354b142a4689091607765

                                                                                                  SHA512

                                                                                                  dc833c02b1c747f49b8b3ea6595d6a6671a78c121d69290fedf842621e0078fe6659373c0e0bed9f040b480720b9215c9f3cb9aec064ce9c29388270fc34440e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  20618273803b9fced8f9864056ec123e

                                                                                                  SHA1

                                                                                                  14bd9c5a0c1743cd64d53504ccf53a5c9242715b

                                                                                                  SHA256

                                                                                                  cfe34e1ee88057a471d3a6fe082c5dc365586305dfc0dd18f048bbd3dd57fe84

                                                                                                  SHA512

                                                                                                  f69da208f7230526cd3929103e90a27abb1fb580e4fe73b68403b816f62634fa797f119908f3ac9b8a0305f2d34bc3b974cbee0709a730b56f8084396d8de652

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                  Filesize

                                                                                                  111B

                                                                                                  MD5

                                                                                                  285252a2f6327d41eab203dc2f402c67

                                                                                                  SHA1

                                                                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                  SHA256

                                                                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                  SHA512

                                                                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                  Filesize

                                                                                                  9KB

                                                                                                  MD5

                                                                                                  e988202eda2930139115822bc380c7ce

                                                                                                  SHA1

                                                                                                  3f6c95cac43d2d51d5a0fe270373aed0b40a6c0e

                                                                                                  SHA256

                                                                                                  c975bfa7216240502a674155e5bf37d6ab3a645bd0bf2dc7dd0fa794a8aaede0

                                                                                                  SHA512

                                                                                                  e0756a23b6f9704bdfad4892ac8ee7a14ed28f0387269b2d50846a4ede29d4a6b492a3b08f249d877f2f33b7eefaafc68cb569d2a8863f6c32f7e495d8988bd9

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  b7532d16340e3a59e97e9b968c635bf9

                                                                                                  SHA1

                                                                                                  009ad2a90caf539010294816be5fc4a2011737e4

                                                                                                  SHA256

                                                                                                  4d64f0a704d53fe218bc658cfa0a541c84f00c22663c150e7f545908670bfdbb

                                                                                                  SHA512

                                                                                                  db07acf3805d38f43518b1518ca53b1c4109e1f4e55a321a32934c671c563c408c023ed070664bf05b1a875e22c884d6048df1181504777d50b76f87fe200d56

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  14KB

                                                                                                  MD5

                                                                                                  8f142f772ebb5d40d4621025e1025864

                                                                                                  SHA1

                                                                                                  27311b1ecdef6f57ecfa34792bf6d43d5a2b5f3b

                                                                                                  SHA256

                                                                                                  86be420efaf7919c0d2671a785b5876d6d1c25545b3dc3dbe312025303aaa14e

                                                                                                  SHA512

                                                                                                  b62226641cb2269e2cfe8e8064b408e1738b2b49835622d187f79dd338ffdc6247d45659832c047dd5170873a2107f2056b3233e6e75280f086edef04961f2f9

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                  Filesize

                                                                                                  24KB

                                                                                                  MD5

                                                                                                  e62cc4051e1f8eaa0abda5d730a2496b

                                                                                                  SHA1

                                                                                                  d15346e40b196bc313cbfe5ac96b3c90b83345be

                                                                                                  SHA256

                                                                                                  ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

                                                                                                  SHA512

                                                                                                  3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  e967b9d7da8f00c2bd502037f0c45bc7

                                                                                                  SHA1

                                                                                                  63c141ade7bfa1569b12f0b95c65eb3ad8c0281d

                                                                                                  SHA256

                                                                                                  bba681baacdff1da4cf0fa2e5cf87e7c211c3cd5488a4a15e0f0bb40f8efbb31

                                                                                                  SHA512

                                                                                                  c27470153e802ef8d329e7122ec55c0f5b7c12e368dd2761d7a0475582a3a877794d5c94dbd9dcfb9f6b0b95119a5cb4840776786a7b6e712a0c6953a115f05e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  5e01eb82f1dd8d2e6eba37c16c3a2fb8

                                                                                                  SHA1

                                                                                                  8d1a7ad5350c5a33764c8c895a345189708e5468

                                                                                                  SHA256

                                                                                                  7866f2d165c31218ffa413c1e0ace44bbf4e0c08bbd51ca212325535567abb23

                                                                                                  SHA512

                                                                                                  6ab4f76086c5e4568375ac0971cab718d1de7b0a42976711fb54e02a3f31219f042f1c487074b984dfbb6f7791a82333d0e4445f170bb4c6e9d7dbff1f3c2fb2

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  84044bdeb5568a5f5f95e400e41e953e

                                                                                                  SHA1

                                                                                                  f72cbaa58f756960d365eef4c93cea7288da680d

                                                                                                  SHA256

                                                                                                  6f58589b026ea8ff766ea9980ba4688faca3989243b72e90264d33784c4cfeda

                                                                                                  SHA512

                                                                                                  972211c6b273db3fc73ff8dabdaad8321e65690a898ddfe90340858d7d3a8256370c1a64ab5045ac88d035cd5708c4fe67e4f7cbbef5b38b233dc2a24ea8a082

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  469424bf5d27c3623f3bd12523607f02

                                                                                                  SHA1

                                                                                                  982db66d4d893de05e328a15b5f2348b1c128bcf

                                                                                                  SHA256

                                                                                                  92585e83f354a6d31015ed8c8f459e89e39e557684bd1bffb33828f3798601b6

                                                                                                  SHA512

                                                                                                  d513c2aa41f499d76aafabab906a68152a2c70431ba903be61f735ed68b78dd49240cb3ec298ce3d9891e8c97f0f8a7ec6260d857865f0277f3f372bf6a49e44

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  eedb995aa19a62533db1019e6f59ff01

                                                                                                  SHA1

                                                                                                  dc24ea958f7f581a413dfd4d7ba0b2384f480825

                                                                                                  SHA256

                                                                                                  9dafb39effcb46bf3704f9bda22d9aa6748b271622f989d19fac0929965b557e

                                                                                                  SHA512

                                                                                                  b5359d35f85d3147c2594a8a385c1453d355570d3a466fffd70242a9f8d2e6667ebf232f928ea25d87deddc7d5f33070ca43393fd8604c15e0ead5d052ce54e3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  454dd09d805f88874cd7781eb5554062

                                                                                                  SHA1

                                                                                                  203cdaa9ee46ff97b55614afcf87923c8db8ba0a

                                                                                                  SHA256

                                                                                                  1d48a2ee0ff47da5f69c9a4812fb4567286554d171997ecf1abbd3d59a7d6d00

                                                                                                  SHA512

                                                                                                  207c249ed976437bfc697db62662ae80a1b24879fdcb24db0e3112fecbde1ec874f88ecdffb564d3f38dc5e6a81f92f162d2324492c86e40042745ac35d42efa

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc0c.TMP
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  38fceacf3d3d27ab407fd7cb0649404b

                                                                                                  SHA1

                                                                                                  274c4221daaf3b70f1414f64d64c7cb6587ccb4b

                                                                                                  SHA256

                                                                                                  8ee8556d9e2cb243dd25663a7247a605a1dabbd2393e8b95cc42d87c60c5d38e

                                                                                                  SHA512

                                                                                                  84401a1a53f9bc7e341ac936c9b882afeb101d9b89b373e83d4015d5e13ef71dfff29310149f784a22afeffbd6a2eed17ab46214ea7fdebc2e7fd3259ebc7864

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                  Filesize

                                                                                                  16B

                                                                                                  MD5

                                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                                  SHA1

                                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                  SHA256

                                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                  SHA512

                                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  12KB

                                                                                                  MD5

                                                                                                  6e818dd4330dc03e893ab9d0da224559

                                                                                                  SHA1

                                                                                                  935d1932e977406d03f24f0dd15f20fe0503770f

                                                                                                  SHA256

                                                                                                  52ef95f445b324b79d6624748a732dd7099569cf22420c1190a271d272b32e95

                                                                                                  SHA512

                                                                                                  51f0ce1408cad4ee3d830e45bcd2c362c2007d3e3fc4a8fcbc3125ce36ef19c7376b88943ea368c309d4398fd13a0529d4fb6a49037f8b1fc68a628bfec95b59

                                                                                                  Download Submit