hxxps://www[.]mediafire[.]com/file/2sdaipw6j4dja6v/August2023[.]pdf/file

Resubmissions

27/08/2023, 17:15

230827-vspg5sca23 1

27/08/2023, 17:11

230827-vqbs9sdg4z 1

Analysis

max time kernel
171s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 17:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/2sdaipw6j4dja6v/August2023.pdf/file

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3468	msedge.exe
3468	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe
5888	msedge.exe
5888	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 996	3468	msedge.exe	67
PID 3468 wrote to memory of 996	3468	msedge.exe	67
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 720	3468	msedge.exe	82
PID 3468 wrote to memory of 3752	3468	msedge.exe	84
PID 3468 wrote to memory of 3752	3468	msedge.exe	84
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83
PID 3468 wrote to memory of 4728	3468	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/2sdaipw6j4dja6v/August2023.pdf/file
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd54b446f8,0x7ffd54b44708,0x7ffd54b44718
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11867017830030459612,2488075774944970688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
68KB

MD5
52f74668fa24a0d70dc400853f9ecbc4

SHA1
c76b0804da8e4ccce130d887892e06a42da39a04

SHA256
0f0d526f4e3bb0b605fb601b1eb3b8c012032cee0d551435d808866817d7f414

SHA512
ef6110c2726a88691946fb0cf5341d3afb56fec86e37989f8a5face4131de0a402a6d91859b5efc4da528bf25977413562d56b53c4975e65820459d83639846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
31KB

MD5
b69c38e075dd46f55b58901bba9e3f75

SHA1
cf0f88b021b4414b92b8059e09ce57f2bd63f6c8

SHA256
83e26f0148938a750331dbc3b730cbd3a5507ee33746324a949c22c326842002

SHA512
b790b8938e8f37d0b5f8acf33294b04cdde979b48d6e5ac8f73ca3f0c31db65c95ca24c0e6deafab8a40705bd5dd0963588b2988c9675cdf6500737a53fbd4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
38KB

MD5
2b7ec9fe5044c75348bc52964bf50b78

SHA1
039e784c53ba423877c5c845ffb044abbf4c110e

SHA256
71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97

SHA512
92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
e75cd150d9f0300b5c554c59e191b548

SHA1
68df9384078b2b7ddf33668339636193dc11588a

SHA256
34766fee75133d93e34b4d683922ccf2cd745b4a2cd7fbb77d02af92ca9e73cb

SHA512
eb0255e2718754360a11e7f8dd6409ba1e06b5580f2edbb1a4dc920a5ff4ea81624e3686bce98a5444fd6e41049a72f7d2743a76b2ada63c6c677781fb42d5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a17b38faf5ec0e0_0

Filesize
38KB

MD5
88e2e9bf023fe37ce13b5a8ea1a1007f

SHA1
efcdb88ebfa4520f29ede242b119fad97c4a7565

SHA256
5298776eac797cfe70e1172d033cbd54cf2149e34c4832ad958ed998ed67dc9c

SHA512
c46de975afbf29da3a3fc66d1e6ea2ae55eaf91bdcaed1e533f292f8d7d29a44f6797a91b5119ee58e18252ace818e062b3e19570a539f1ebb4ce6e1fc6cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
51239326ea734a1e8f92d4e871af07b9

SHA1
0e9e15c749335f7a3f70b56b062a8cbe952a5484

SHA256
9f2b930639d82ab6bbd72c46e2a55619732eeee756f2b65dda7934ecb719d260

SHA512
5780a0d9929994bbfc9a46b91ce84579b71c4f30cbde364180ad2e8b703e6440d75963af2af55c9135d67e05586e158ee834df1b75ba58529393a17daef41aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6407e38abfe118918a80c55e0b990396

SHA1
995606a6d1561c5d28124a648aade55f52af8c1b

SHA256
31dad3a5601fe979e5afa2c4f4c22f8b16aae533e9f6ab352b7b177e2129e2ca

SHA512
9c1016db002945281a28cdbc3c2a147f65bd8e8d68a0d68575881235fd302a6ea621818c8c64d47b2d5a272620d6a17f77f614ac8f76a8ab03e03a28940281f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
72073b3a16f0fbcb95a46f1e0ebd31ff

SHA1
ed0552d50bf0ba98a6d5a202a041eacb52c11694

SHA256
67c714e873e9a39070fcbe9f34006db033ec14980ece2796a254db160914fb15

SHA512
5b9dc6b3e24797a0727f02f67289f5ca32f588d7be9c042fb04ea5377e01c7cb38b1e5edbb81ec7f177c9a95639b98e8d941bf252e1df29ea2da9feff7e4459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
99c6316c0918d6f12f00aeb5a11cfd54

SHA1
7cfa94ebe229d6a524ddd52d4ef78a02320419f4

SHA256
1ca1ab51f52c00b07509cfbde8ca7a4c26c6db5d92386afd8cfa24f789de29dd

SHA512
1df5d97e4e10155c411f6ff0f86235b69c2dbeb4cb06fa20b347025408bc9e36083a1c1e28ba81a1aff408c3d968942a1e8b4652891aee76269e41c3698a19d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
200f95b6e26ee4fa1ef70f888d2a6507

SHA1
c0fb5d6c2d185a197020e68fee1afd3640ba76de

SHA256
26a2c46108e69963d6baa28a895d4fb42752e3b571f3782bf0ffb54966c99415

SHA512
c34f916d912e9d3198f3a422a1cd769cf79a024b9b4c4b7228dc4a1dc95255a0321dd634b4673014ae04813f264d320b49e83055f74c365f50d35808e4294e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
046d9bb06c4902aa698a08e245d5c9e9

SHA1
f9fd0534046ed6e438077a73056d466128ffd92a

SHA256
da360f146ddbf25240d8b84b912c6feead8c18808e8f1918c8026b12bd260548

SHA512
11bbf18e04f76e918637573ebfb2d2b7dbc71ac137bc8e8eb90a552a0059459ca6256ff3b2bb7981e0366d74f3808763b721d950db775b5231a425cd4a7e8f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
56919061949c77595cf1f4c55050533b

SHA1
986cb30e655e0157bd289d74fce7ded571d03c2b

SHA256
52c154967e092fe9666bb50c5596c7c54000375205ff73b3794099afc2c865ea

SHA512
858e3d10c3e8da675f81018e6c99a2e51bc16ddba01680a45cb6d5b2703221bdf699b989ca583194b5c379b83b9b251bf6fc4806266dc3c3781ad98f732e330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6fa0768d3532f8554edc56b5bd8a28f2

SHA1
10c6ec49617a8a3f06444d909fc6808f808ea297

SHA256
547cc40a28315b547103af1d3314d37c7f5591c9b894fe5025be760b00a992ac

SHA512
f2dde109c6a603500a7cab9a163a3803774646d1366dccdd66dbc72e93b380dbc1783ca413e437e25aa26b5a19adea54b2993eb1c902f4ec2918d58284d598f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
788679d2bd8a3aa784acc410283754b0

SHA1
e495935e0a5a59dc262ca337456c3af8d11ec1da

SHA256
43e1021a5fa1eadd0b0768d639e001b257443284191ec0e2b15b5c38a330cc53

SHA512
297014aca750edced8a2bab2c5740849851d17913a37ecba6797a9bf5c0975b858b6e926f410d9784e208c4fe8e87407718596b01e1400ce744f18c260bcf50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7c925807af3a4f6c8cbe726338e99a78

SHA1
254fa8e97f561155cec005e199829b68f336166f

SHA256
81e3b22f26f5210c5cb4fb393ec27dd673fdae69a15c158f983f348b530e3be0

SHA512
01d87f6b7252fdcd975d4921a2663cb7850dd93c464175a917b361be4ecb512821259f535cee2661c487893e3c931212753c4cb5b748c65043d588d0aa91cca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e98bb31139e3a2650b4d6d7d004a95e8

SHA1
72fafa50b29838d84fd78b8a585ac247ca6d19e1

SHA256
7f1af8313ad06af4e9ca31acfa5c9e898b9217d5fa70be30ad8200e2b8fffd43

SHA512
a8235024fb6cc9a6f80c181be5792688fa128b8ec44425af91abe30b720c739a73d95757e3f652b68cb43c92ff8f92af45395c1d374e553f7b3475a1c265c5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bb51dc7f15219269b29408d4d004ad63

SHA1
b82ffc3e72f33a3c8cd20cd69ab26bf17a297054

SHA256
37e724e8f890392996df355a4f0c4bd62c2ad9ee6e93c315fa2d4b0f13a2288e

SHA512
55e82bc7891e91de47ab52f2f34d21937416abfe10e089ed6e47ab6b8c17eaff1081039dd30c67b4dc4143cb3d5789136863162942bc1a808e6195a4df310f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
85ed09f990c02ab7be29f95f7067dfe4

SHA1
c5bd696f7b759be3b89bd53adebd03ec0dbfed6b

SHA256
d5cf53e1cd765d21cef90a53df8c558bf406546e8e1538629488154acdcb9794

SHA512
b3012386394ab4ea7f649a515044889bd40c2459b18e9d901bd2ed593392e44c2468ac19accac007cdd1418bffe09c39c61fde429ed45687ec728e105ebbb967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8eca064b198df4b07b658394d45fae92

SHA1
999117008f94f5c741ce8e289a44414299fe8609

SHA256
a0e70e5b456b66a66eae4dc1a5a4f70ce5aaedc80dbfee1c3ef018c8dfa6e46d

SHA512
52980a0c56bf874a6131081d6a34e10bf81f1fdc89c17a308824fb7c3ca9050c4574b9dbe4026a8fa51712b110959f2f8f8b7fa24767c65a1c93ea19774070b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fef84d74d1e07877747568ec51354bc8

SHA1
fb8106d9976efa8edac57f733e72df5f38e61286

SHA256
03cbbb610792649953e1b71b68f4b87ee09f1316a2ed1e58e34a9a0d508bf8c8

SHA512
005c3ebe382a6b37bf277c5aba431bad2b7ba80b5a81bb78030da64fa7e5c74684566eed3edb851907f623d18b475820b1c3973496d669e8efe4bfb6d392e226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
16010bad86d454ba06bd41b04995c985

SHA1
a3990f588cb4ffbaee3ef6769b946287b6cc83b5

SHA256
39fc2a1d85d55b1bfb51ca0935c29a38628bd3823d159da2f0678135a3fd5ca7

SHA512
db82de542e3d00572a6973c8271b6e5f762e91411d0e99264ac12fe0d67d5ac03e94e37dbe9813b1d1341a5eb3ff40430bbb32702d2ccf0ae4be531f5b1deae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ab3ce1423122715be5ce76b80c303d89

SHA1
ae360a3bb5bc7b24851ef0079d543e0292726c56

SHA256
61df87da5ee3c06c2d1494d36ec5c418470a4c3783a7d200f2b4bd1786ee9a31

SHA512
f79423d25008675b749eed2d79b49b5e950ee25b2fd055a44072b71a448f1cd55295acbbda42c505053425d6b977484e4c228376bab223dc3daf9baa3243e2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f745a065b91e1269c825bc4db829a3f6

SHA1
631a2c0cf65f0444d395bdbb1701f38a0b78f57e

SHA256
24f2f65927458d3427d1e4af1194e861cb225bb09cae1a17522ec2d3c7fac81d

SHA512
9375dae2db598a99ff37af8208edc91fc6211cd37b0aab229acb3f21dd06153958280ceec22e5d4cd2420dbf8bf2f90c2a0cdda40c2ca37d4778ba1f096a2cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1ee9b5ad2d6ddf1963eb5e9268487eaa

SHA1
60322a4b8e9d45ab39e5c152fe8c324978394919

SHA256
95e1a292d576762a011e36500733dd7fe5fb8aecf708669088866154f55c82c6

SHA512
a9187344f58491a8f0de0ef9f3ac11deadcf8c0bb904763eca77be0d0b698b4545b4ae72a2da766a6199fd90bdd18296430026259f87416f75a70b35d3d02afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
eb0a8a082f9c929ab6c81e5b8996c0ee

SHA1
c7e0928b976f44e09d6b5dcf4293760ac77b9451

SHA256
34258cc403c259c4a1fa7d902631a7f56c3f4e8271cb61a9fb0b33beede44053

SHA512
c6d23ec21275ed55d11f14a2b98048c287a80e6a178de9ffb4920eeaedadd6845d9fab09105960554b576fa16f1cd66bd1108c0c5b64a45a1f37e2ad5b71a2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a1b8020184f575023526ecb65e1d204d

SHA1
63a643d644563056b5830ae881e7d76a90778d6b

SHA256
3655c6e0deb827e934743f54b37f19fd99ca3b7312c0321c592d4c6396daa107

SHA512
afab5451b25de46f2bbcf1ce4c7e5f6601bf593321b36e28931245e883809c5c1ebdf444301cf21d778e03a5863acec613db240efbe6f87de537cae2f9285023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d968.TMP

Filesize
2KB

MD5
626e3e804a647f5e5df5999bb0e35268

SHA1
51cdff5878d19683d4e947d31d05dd89f67465eb

SHA256
fee574a846262659db1c4b258b28574502dc03a5791156119f12e3119e0f6f61

SHA512
86fc220bd098732b2e3e67070e16239f3dbdbaccb8760012891fa4b0e7f4b8895811f215ae5d422e246ba0c3cad2212d1ecf19b02cabb94a990c11832ab9576c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aa488eea46d9e08131646ffc43c57858

SHA1
c6c9666be8cf8687615002844796b20f0af3e837

SHA256
347c4b0a12ad14c5de2cf35636d3702cc56d644db2a9929752ff29af1b43d0f2

SHA512
3e5783c001c4c5ef50b4ec4b19514e58d6b34c2b7862dfb97ee548cebe02c3e42ceb1f5ef354297fac114c21d87a31daa0e0b917d28923eb76b06ffe0159eaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
935add97cc0903eded40fbde2f82550b

SHA1
12cb6c80838bf84212f89804783b4d666a7df807

SHA256
f22eca9667f5b6fd7096389ccaa4ec5bd6b7b746254ba88efd15b5364813ced1

SHA512
942f7debe507dc8e4bdea58f50b06b523f696e6f7828a7d8026c96dfac1ae51acbc383dd18ae5048f0c04cf7434cca77b47b4106a1cdcd00b023d2a7ea3d9ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb1f860d02798d0a9928602b3645d1db

SHA1
8978d36d8f3f051cd886ed957919827926221ba1

SHA256
6a99c840357d1bddf830768c786b9f2eee51dae93d43a0d3b7ba8e2fabef01cb

SHA512
3a79786f95dce4a86aad223c7ac649f1460043186c6036177eb1f8da3aba0b6409345e4a2fc68d55993cd20ee1ba53ec652b89668463938e1a055743377197fe

Download Submit