hxxp://avast[.]securebrowser[.]com

Analysis

max time kernel
196s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://avast.securebrowser.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{16A7A555-D39D-41C9-B9E2-E21C46AA06D1}.catalogItem	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
4152	msedge.exe
4152	msedge.exe
2604	identity_helper.exe
2604	identity_helper.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 4908	2292	msedge.exe	85
PID 2292 wrote to memory of 4908	2292	msedge.exe	85
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 3584	2292	msedge.exe	87
PID 2292 wrote to memory of 4152	2292	msedge.exe	86
PID 2292 wrote to memory of 4152	2292	msedge.exe	86
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88
PID 2292 wrote to memory of 928	2292	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://avast.securebrowser.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2a8846f8,0x7ffb2a884708,0x7ffb2a884718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6148226281172103734,16243530750506723849,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
69KB

MD5
62ca427ced7382831a3890f420f0211c

SHA1
fe7d83ab41f72e33e11823d4173ef9e1c6c7cb9e

SHA256
7f525cc7e8fbeb6a7da2ea173a2fbe28865670a7f58db3692ddaa1e0b9b89bb2

SHA512
3a93948dabd610919092685d3619c324bf4e034a2e6c60feb40def2376f7689446a6229e30a89bdc52798963fa1c3bbe1eaaa78cc3792bff012a77008bee63b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
50KB

MD5
371af0b2c61a59a2b6be16d3b0e436b4

SHA1
7c79625f085a2504c6d996f6fb319a6db5ae18af

SHA256
1f9fa0352358ec3960d0ff966fdcef80fc2242221cdd24a4d7121100e5fed3ad

SHA512
0938d931ee1a8faaa306bb3274b84e52da1f9a9438f857d5e93e1204478c4b8f655ccfac2fb28cae5947bcd10e9aeec6c04bfb43458c044d8a3c573bcd21b9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
66KB

MD5
b901d34f561521ea76c80b83fc676d86

SHA1
50074255ef6a5d81c2a837f94d6a00e263ded9e2

SHA256
850840a37f685bb812cb9398b3cfd4b67c4e783e8b96b0349f3d787e2772a322

SHA512
567d66b99fa663104fbbc2e8fdd44f7f647ce4c6471f8d45ae83465bb00076794646bf35fcb377177dcc8bf0229d9b92b55a3924f86af8906877de52e7fece3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
130KB

MD5
353382478e771ba71a075da9e8f93ded

SHA1
8c7d7386a5f2786141d27afc17a0f2d08f03c0a8

SHA256
bd843c1026c1df64c57fbc2758f33650c7610426a5454f6e70817a2de0dadedd

SHA512
862d650a3a9ff959201394aca6bfef13b2b9215cc2c4334208e81f845133c9da9f6324cdb1513ebc6bfbdb7ef5a38969e0dab85e64bb152d0f582d10875b7871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
79KB

MD5
b27a88f5ada1ed7d9b6d28a89f2d20bb

SHA1
e6889172ee2924344477ea9dcc212b14c6e4c25f

SHA256
8a2ed1cbc013e844516859c603d60232f499f55deb8ea5e303203422d1ba01ff

SHA512
c4dbff05f219ee5a1ec215f356309af57837e6c2a516e6329386e826623ed11c5452f2108ff56090de7d48c5defe58f49184daeb06d05913d6b24e3eeca3b44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
2c53e9495755921fc0b72df5a86c4c94

SHA1
11b4f19b0359ebe97af787100846c0816ad86a3b

SHA256
2eac60162f03b4e75d500f1574034adc94b222d01eb4ce7d9256623afc8cfaa2

SHA512
c02e066ea096d4191abeb8773c1595ccc8ce7315ca16815baf51e60ce771c44bc7d6fb1f542f592b305d9e44bcc8c0b2d21f515869d7f6b33b4bcd6a35421015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
49KB

MD5
1411b06360cdba5d26b69999fb841ddb

SHA1
ccd2adba5f71598ecd9f7296c2894d8747a6546e

SHA256
295ef77c670116a79a738d5e177af770ac50606177b52bc42c1ce44d1d56567e

SHA512
79b9a194254863d1dec1b868caed939b82d8683c68b82997ac05eb1e51a94e7eba1e960f69c10ddcf64a9e4da55a0a146c30aa7aa4d15991ae2e13c6c5221947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
81KB

MD5
172a361004bbf2d5c5a2e115af5c02cb

SHA1
b58e6db64ef3f11bf4a7c8aa174c135a5e787527

SHA256
05a12cbbf4e6d69cbec731181be408db2c16a945d606cc182cf7303b1ebdf542

SHA512
7e3718b0a0bcb29ab6ce42d9b3f0566a7468793b44b8f683c9ab378bd32f1ab20698b8cec4583e4021f166e0f0017fc24d24516d3bb6cbffcf7c3512537216f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
81KB

MD5
1d64d950b9260a628a5072f8357db096

SHA1
d6a5f4611a75fa89c622776411c4e3420eb99b35

SHA256
06f6e11b802d28a2b878436cbae265e75c7512a5da6332aa1ac8c0c0cd1343a7

SHA512
4e8a3a992f58b3232abe926022808c35861654d85f08d17e099bab084c7c949891d44d8d482ab561107cb50ae0754d594a0c6f715d3d0d90db129f68f8591f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
0b02527f9816ca198748917b2e3bf217

SHA1
a9fe9bd3516cf7f797bf7e2c39eae61491102ab0

SHA256
0f1efbd95972209f3fbb4b563c9d28d4153ce84ea5ab44de2cbc2dd18f1dad2d

SHA512
a19c8d49714700d6e2101550f287f0dfa8c9c895f5be351d9cb05449667f70ca9f8bd17453972a9fa14ae9b44897d932210ffe6899e7a7f2953bd6cba699ac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
81KB

MD5
fde0ba0d62749e82cb2b9739ce0a7ce2

SHA1
97d3a9e9c13002547a40dd6d35d9b9eb7b50b23d

SHA256
6d1ec9793dc7b90adca5c969dc804744f89a6567ec6bff02068538fe4b4fe779

SHA512
b3bbd24625b51a3f14a841d6c17d4b983a359f25d869e44acd34e827933e351933875841c5fa29ad8827a73ec0c7143eb573f21061b7388dbd38855dff9e55f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
da555f39989daf861539f8a358b97046

SHA1
3b55ee32a6e156275ca28d0a174870a87bb67e65

SHA256
783d287ffed61b5de3952249d376369c3016c263448d0c1239608ac3bed837f3

SHA512
869706f4e1167872d6eb53e6e0eeb10806b8f48adf21e2718d14310ce4540aa3efaa963b964d6f4dff03af830b14a67aaff0212fb30fdea1a3c9e2ea2bd07b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
606d6ca35af82f6525b1f52c82eb9c2c

SHA1
4044d03e77cf2aff0f280f19d42dd050c885e94b

SHA256
cb6197d4b132f5b1dbf95b0bd9b02e0e2c12ae48438ab7235099added57e2756

SHA512
dc70e5acba5175eccec9f194a3224b739779d16e610981768529f0347876027c253040cfd571603a6d3c998a09fdd81d584eef906ae6e5df0814ed51c0fe4a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cdcb4f6c923049db5edb59dfb11ff64b

SHA1
aef6ad3f8f80fd4bd75fe1bcfd005e4a09794681

SHA256
b4bec0d3c3200e706fa1492cfae70d641855daf98da4349d73aa37a1064593d1

SHA512
e53debdf330403e0b70a7d95f726037af48c6d30b007194efcad5e4238ce038f5a90068f5ed6f22d20a933d3c69fd5326146c5a1bab9b603d3da1bc2bbc7a808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
001f3e9f5681d82937d05431d8e5c959

SHA1
ed7c112d5ef6f317945e439424299394ef653da4

SHA256
cf90a35ec68cdacd979c195754c165f928119c9ee96191ebcf66fc51b0a91e7f

SHA512
b6da56e46a4149e24567e6ac9fab36a1c256b877ac761e00ba8f8f50790581742e2dfe55ea9f4f35ad8ce147fc98d4a1debfe2536a80e243c97070f8e283a618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c907ce8552c2f8e5445a80d5c4897181

SHA1
aa49f7c76172e2308081b010d6a46bad1b5fc5fb

SHA256
041653df5baa0fba460956ca3c243f43720fc610567ca67aa5ebf189257cbabf

SHA512
5c732484831bfac26f8b1ab09a632732ce6cc1a635c28470839f4018dd0c1f62954a1b0210b918b22e6f0d2211cf1212985ac22691800639965391f2877129c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd4ec112b0c85c19983875907b5e0d33

SHA1
ceba110472debba77a0da8f5b1962fb4d7ee945c

SHA256
84efb3dcfbd37a388ab15d719423895792108d83bbe7565ea2f5a2edc19fc352

SHA512
efbf04383eb4e914f85a3d289f77f47727b67a93a0b34533dd4345616f1013df2583a49b4e3ff9ae31ce8c7237f0738477cf64a9786df04ecbc75daf7d446cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
323d108dcfa7612021861539edfc7514

SHA1
427517b55359a39e23bd76d1c4ec20937ae4c0b3

SHA256
796f4f147945edfa42073e59eb30c62fdf871567ff19f7d32e003bd89961b5c5

SHA512
41b58bc9ceff1f3003b990d0a8ac016fd5877404195b8e4b9a4150dc9462a682cb2ebb37e3273e0c05e2e992601219058e14e525bf073253df738a5e5b7e351f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0288b1c45a377a871abbe4014791daee

SHA1
dcc525be9fb90b6d8d5a0888b92d4f71968187f0

SHA256
96b7a1446abd17e37e21e29d9c8910c9c2d397829216218d8a09fcc3ffb5b259

SHA512
530e208b73cf0d46e93e31f810735b7af0b7222a41251dd09ceeddd3133722b4f2f7444e0c270e278afb70db5e6089f28aad0a1368468901ff11d29bd99eae55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93c66cb4ee447be98b44243dc1691066

SHA1
e48841b36583822662ca1670dfeb86bd9b5c1abc

SHA256
0e08e4fd0114d746389bbb14fa7e64fa351e1f3f7459c5f07052164723b01fe8

SHA512
bc92a7a035092287c78bb347e9de6c5484a7df5415515791a75a08cf70af91cc335476c7a6db116739df3a3d401432cb66067305045284ac27860fdff7491922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f105d7c2c121d54a1b3cba29f9d73bd

SHA1
78701fb4c4ab14c8150a984f99c8da76da52d2bc

SHA256
486cc7019a4dc27df732385b06228bb9acac3f8a69aacec821389f1d80bc492a

SHA512
0ddda7a7d84e0812952936dcf985de686334efcba53aea46dddffc4cf1dbe31cb688895ec83d7de42901c52a8bf8c8a6f443ebb0e8fb7911c459a392b6defa85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10debbf5bd16c7eda9515f9e545fe6e9

SHA1
37de2a00b9973f39548dbe9913ca333e3458dbf8

SHA256
01a3f1407a3ee58a9d9e4d87b9ca501a74331aba4d07e4edeae7d8083e26d1a9

SHA512
523d3e328b6b523ac3fc49bcdc2f7b3551cc7a0b3b7b59383a8746cb08beee4caf4037e6e56657eb30aefe289a8d6cf55571fb6785080afb371e614379376237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe595395.TMP

Filesize
99B

MD5
105ad93018800e10b651b36fef1d5f81

SHA1
454523e4de299555fcf98d7ac47a1efde4379bc0

SHA256
bb3013cf47784df90e57f2fc7e1d68a903308580c4351e3de110e79c2d89950a

SHA512
ee8036fe0d958298282c8afc2a6e8b5fb998ebf4e1f22affcc6226d1041e42061334f957371fe4ef4a397fc5eaf0476c33d507f7e3c5dd3dd3309a468d520f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97653db94cd5531cb2fedeaa7ae5bc25

SHA1
7294436bd25f472348dc3fdfc290fea921d23de8

SHA256
2012b4d0d18f9540680bb419aaa088c4ef1d57b3aaa14978274782515fae0d88

SHA512
05c347b52a7ee62bc0cdc85874f53c0ee800551bdcf32c20d0707fa55d1a663292237d208c46d87c87c9355d79f360da9311bccdf1a6b034056affcefcf61509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
befc99864141562c535648ab9b22ceb6

SHA1
e0d285a5ebb781725f7ba84c34309919f1c80998

SHA256
8e9c9072a3a7f8e66572efc995e1285e24cad15495da79298222084daed8d473

SHA512
cb8d44d134a37412f9eacac340fdc4660aa90bfb6896e9c5ac796ce2cb753d78c209494cdf85d5e037a095225e6c354fc6eca1e47edbb26d2f149f8822091234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
184954768fae65d66ca14800d4bce891

SHA1
527692e9605e7446113287cd2f6ac766c13061b1

SHA256
2edcdb21b2d56e05cf00c7ba6ced1b3f5655eb1eef0fffc7e780ddb5fe947844

SHA512
a3ff530c853661c7bb76bcd53a58577d7e46b4dcb932f114c40082645ed12b0bde3c5c31a9dcd00bc2a5e6c01336e86c3bbb3f1ab5ff4b03bbee878ca16d3a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
015d18273ae6186c900205254ed84d69

SHA1
e23b9ddf14dd743eb7ae7b75d083d44f1613e8fc

SHA256
40aaa0e8022392d1877765e7f5f9508246e18f54343c8adcf82a90137a5ee53b

SHA512
2704067ff5cfbbdc92ef2ae25699cea7602099c9a9d5b1ab59bc3da530b62b363e450bea470bc09d05c80e243c0076fba318f0e2f01f3ebdd8288b4fe50c7e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c33b.TMP

Filesize
1KB

MD5
02ab4b12e047db952a277a7794c7d7c3

SHA1
9b09fe9bfd30b430e68deb5b96fb8058aba572b4

SHA256
cde5d05e5abf67c6a273f35f280bbab9d37e8deb1711c8ecef6fb802bd1b9aef

SHA512
c05712cf50bae906662653dffc72ca4da66c00552f6be6edf3b5e38333e016ce27f0ce98b2bbc4109cb2317239f7a283636d81f20e40cf93d639144037ff8d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cc2f8bd9b1d54a60cbb7dd3f70f176b5

SHA1
12aee3f77e9eeda767f470b2f5908bd42ff16e7b

SHA256
b14f27f3c19fb8b06cda59ac5bb6752b4fa8e38707f5717614d0990334521ce5

SHA512
5a12abf9a65609e6077c3a68652e8eaba5e15fe99d85d4f90743c35a6a954db398af47e94f5b00ec9d94f79228d76838857512c8dd09bafd7973527c6c423043

Download Submit