hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fbitcardses[.]co[.]in%2findex[.]php%2fcampaigns%2foj0701a30y39b%2ftrack%2durl%2fgb510p7leha01%2f1b25e0387797284c7ff44cb82e824774a8fc9ced&umid=bad163d7-7136-4636-babe-0ed4a62bc34c&auth=91aa6b6af61377ece71c5ffa1ddd7cc65e996714-7bc59592a562ec1abecf3bc8567de0a6633381b6

Analysis

max time kernel
166s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fbitcardses.co.in%2findex.php%2fcampaigns%2foj0701a30y39b%2ftrack%2durl%2fgb510p7leha01%2f1b25e0387797284c7ff44cb82e824774a8fc9ced&umid=bad163d7-7136-4636-babe-0ed4a62bc34c&auth=91aa6b6af61377ece71c5ffa1ddd7cc65e996714-7bc59592a562ec1abecf3bc8567de0a6633381b6

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{D19607E9-7CF0-42F0-953F-146C9DD263A5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
2092	msedge.exe
2092	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
4340	msedge.exe
4340	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 3296	2092	msedge.exe	83
PID 2092 wrote to memory of 3296	2092	msedge.exe	83
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 1580	2092	msedge.exe	84
PID 2092 wrote to memory of 4568	2092	msedge.exe	85
PID 2092 wrote to memory of 4568	2092	msedge.exe	85
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86
PID 2092 wrote to memory of 844	2092	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fbitcardses.co.in%2findex.php%2fcampaigns%2foj0701a30y39b%2ftrack%2durl%2fgb510p7leha01%2f1b25e0387797284c7ff44cb82e824774a8fc9ced&umid=bad163d7-7136-4636-babe-0ed4a62bc34c&auth=91aa6b6af61377ece71c5ffa1ddd7cc65e996714-7bc59592a562ec1abecf3bc8567de0a6633381b6
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ae346f8,0x7ffa1ae34708,0x7ffa1ae34718
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,6958941785983183682,4499461604783632037,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
175KB

MD5
2a9c0a1074358185eeb6b70954ebdfe9

SHA1
c944e4dc2d1c703937ba0c9ada25927bb3373983

SHA256
4dadc11ec68efc62c2ec5fdddca582d3f3bc413b85351b5d3d7285cf8d2f0cd4

SHA512
29c9d5895fcbdcb5999a40a5068d378b86c50a2ccda983049dcf5b9a184fb2d1162fa0a7225f1a6ae07b993fa4d251f6aefe5df008c055fe1c2fc859c135b339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b933c4a6181bf582516eed07aa1a1152

SHA1
2f716acc947ebc5485e32846a14cf931a8d2656f

SHA256
0e52fe36043265890c6e6ef96c1a99022030cb8a8d614d47fc1e7c2477d5d1eb

SHA512
327f3e77370e5b8ce0c460682662e24515563cb15b9dad5b6bb81030f6d872202c02f48479190cd18221d8a9e802e7d56ffb2276cdadb651152ebd1b25866b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5c9675083f2e6a240f15d8dbd7985090

SHA1
653206dd8b993eb42aff36dd82095db00de3038c

SHA256
6d71a1c3f6dc766288ea1b9a404d00674644be7a48240e9c4f9455d378bf9d57

SHA512
ec5a67fe7ec6674dbcb9a174948e2f28898185369e825bbc503524a6171f3ce2ab54b736a8957b6dc051e2d2e2326b886494c11253865219cd94af0f7a3e6f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a6a993a428ae14b8825a78f68daee166

SHA1
cdde1902054da8c9d1bf6367ef3bc4f2073664a1

SHA256
274b930e843c3e3f6a5d01aac4c239d02b457c71a22f6f4e0f33f2ca798f3030

SHA512
eec715b2459988317353f52865291ccee994079756afcc328137044638bea74115febda3e1ed30b40178bf81e5ac2280902420b997798d37b2b431de4e34e500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
296833c565941fe74c3bd398625edf7d

SHA1
abe35d9a13b2f8816ed9001a28d5e3d3c57e35ec

SHA256
5167ed5f80add087b05ddf98d045ccbf9658f3e3f56eb751ba88895e3915b630

SHA512
d79212cdfb25fc467273aeae3f23e4390a8b5c104f3e1944147ea2cc828e61472e41bd9b5fc2130c6d453125e5d2c29c2dc8fee330d61e46d1ba4e54a3f6d4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa25aa80892e5c86e99a93c24f19a17c

SHA1
c379d7deb60bbbc392db9727019252eb5111e503

SHA256
6d4de537f6a65c51823cf7cae20c6f90c529b710c2ee48c48bbbed327194da38

SHA512
097411573f47eed414bbe3a07a8e5836b7e9fe52eceb44573c4514f08b453154f6b8431743d0b0bf654ad1a83a56d14fcad7efd5faffcef06f613ca97c8ad554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98b221ca55de1eb2a04d87184b7d10c3

SHA1
0c0f824cdf3b09c7421a54118367b9e5ed550cd9

SHA256
1fc2651dcd3e8e4c678d9d0df60d16a6bd61065ce685bb34a39ebcd8a5103842

SHA512
de241f1a9a2e259f6832e9abece03cc126a10d13284db14a4ed65fdfb2e6f0b5395a339c95ed3a2aa5d51f1e36fd1c01aaf1f625b5fc67e8bc7b9f0283d5c7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98da898c8274a3e41d10b6ea46e0b1ce

SHA1
edd4fb39c5a0ba09297e9c7e5f4a086e57b125a9

SHA256
da46e2f5102bdbacc67d57a874c6d93c305fe8dba068b99095b12f00e00e3f96

SHA512
b31733eeef5df7e22b07ff4ac9991e529c6040d399d08e86b3da01b6a60c97d0b4deb09fdcd1501cfdff153a376399f4936edc645c89b503f4646a38aef0b418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c865fb08a1596e1b899d6adc966125c

SHA1
5be19f90968995118c0b461adeaa22af26b1391d

SHA256
26fa0f4d49a465d0618c3edaa11def4ef2842cbc8954ec7bd4d0ad1a234426f9

SHA512
49803855d801aa9ac64ebca48b060ac5df33c43c1fa14986489bc1f30f3f6e4fd1f82e6345af33f4fb1edd0254f7b85cef1d14b071d8ac10e1ee5df70fc1f8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
50dba737589a576d693535a64386af3a

SHA1
e9f5880749902fcab257fa98dab554da00547de4

SHA256
a431a30c065944fad84d2e56630c5cc7628527de2e2b8b7deefa6cc50ae8e839

SHA512
863d99208f2c0785742315cb080f4f9c679a1e70f9b88ee093a9f165fba2da1c7595bc81d2d1470ad31c0d4e8a8be77e73ae13c5d737d27f3c6927d5e104d41a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585d5d.TMP

Filesize
48B

MD5
e2149ed8615da239fca64871148600bd

SHA1
32343373086e8f87a222974464c5548a6813f06f

SHA256
9a4c88892970bd82b1d1db0d5553a8561f2309bcf67c3f230b659a02c85d69ef

SHA512
dc65888a799e9ba344d181edce23a95e5f93d4301c36ed56116a74bc6d8db396c1a9fe1816c167d372f5f1aa9c02362aeb316001841852e134485915ec501832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e0f983f06a6fcb06940bbce0591758a

SHA1
d8f54037a5f18e2c9e6b11a46fa0a2aff1e23657

SHA256
1e14ff7e131f902f190e82962c3b039451c404a6b01e0f3d30702b0a56d153c5

SHA512
5f6a4707aff94397a7118e14d3c0a34de4903b2bb17c3e6c14f0a5314532f74093b304d088da5fb5141bde51d7654da6f1f4b7611aa5f52f57d2a5cf7d15ffee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b92.TMP

Filesize
203B

MD5
162b67dbd95b4d30de77f79e42b14bf4

SHA1
ed02397c6f13bc3c04ad4daf679fce5bc4a3df92

SHA256
b8252755645ba783f08084a9ef7ee49a186ddc64c1578ab83f3e230152657cd6

SHA512
52588b316ebb1aca640b1d8cfbd0da8f4447692a0bc3328742fddf6a03fb6200b2d64d69c46be0dd1e2e77b692875bc0e3a78917d311ec13e728680743f5045c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0671553ee266271601a35526eac8af32

SHA1
504fb363c051a41f9487b0cc570aacacafda6b46

SHA256
8b6c3f05fa6149354314b54a7f2fb8af3ebac641490ad29ad58b6c5516be9aad

SHA512
7a56259cca0009f90a548790ae37eff422bfc323b2939db73ed7cede098fed1678b080ff520c5b27929df2626d24c45146607d230d17f58b416879fd54b3b34d

Download Submit