377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33

Analysis

max time kernel
1691s
max time network
1696s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

7ce024e6e2248ee891248469894d8a9c
SHA1

13db96c5e8d67b7f1141d22567741cd45d659c1a
SHA256

377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33
SHA512

ce5b6e7b7da5d3d00ad1df64006c24c291e24cb63e855855375e52e7a18ea7b3d283fababb79046a59533bcd80d8c18f604d9ace64af7e712f18020e5b351eff
SSDEEP

49152:YXrcUh6gxrxD0Xc3StQyfvE0Z3R0nxiIq2ddIAuSF:4rNRxrxA6KtQRq2SSF

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2264	MBSetup.exe
2264	MBSetup.exe
3092	msedge.exe
3092	msedge.exe
2108	msedge.exe
2108	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2264	MBSetup.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2984	2108	msedge.exe	88
PID 2108 wrote to memory of 2984	2108	msedge.exe	88
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 1704	2108	msedge.exe	89
PID 2108 wrote to memory of 3092	2108	msedge.exe	90
PID 2108 wrote to memory of 3092	2108	msedge.exe	90
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91
PID 2108 wrote to memory of 4652	2108	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb59e546f8,0x7ffb59e54708,0x7ffb59e54718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1067934673845797683,6180885445427008658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
26KB

MD5
bbb30064cb1c8bf63d154d2634cddec8

SHA1
2b09ec6cf4b33a6267c29616fb79b59131946836

SHA256
d5e466ab27ef46bf2481c0f1af65bf32fae101614f590a379bc7b23f22bfb2e6

SHA512
d99d41649d3e1e8e53b9105ec3a3f33a4015566d861aede543ef97f0be5e273ee1d1a5c746c67fba5933988ff4ca3a0078742aeec3dcd7688f02a5dd023de4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
71KB

MD5
a1fe7d7138fb6eba498b84f5604a29ea

SHA1
cbdfc3c0b23d0be1dfbe92806be77821c9eaaae3

SHA256
2bda10e278eae8c9736318693bf3f941a8d7e6642c5dd7e30413a89f835a2be1

SHA512
03c1d325c2a9f25c57bac014e3085e53a8e23c3c79d88e61593d942c1ce58ccd6cee134fc65d001e9ffa327a7e1fa6c63b2caac5fdc169ecb276cf5d0e7765c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
89KB

MD5
9dfb489f419b92053afe35df1a1f0200

SHA1
b8aa0a15f4dc2687c673a7a5bc3788c08b861d67

SHA256
fe70038153e222aeca3c2830c8a6d035fa7a4193d6fa24967b7667c871f004fd

SHA512
48bd84c058d5c7bb94246cebffa91245f8e7b2b9585408cae4a45c7c9c9d49239edf5c4bda0b61e8ea5d88acdc81ef9ca876014909e9bb40b0f32fc189b26af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9c6984f2d98ffe6151b517dc90c12322

SHA1
80fe24f469d8baeb94d569b45d750e23afe57bcd

SHA256
1151308574ae71aa9a288adc8738fabc3fe9b1278fe00f0f438f8a5bdd79980c

SHA512
769592c10c9b510791b68208745feae9d5531d970dede00e2ebdb94e424fe4aa96a382f6bd7ae203270c643061328f450715a5cd7cb0c32a2cace1c91181ec7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d2854936fc3c1096fabc024d818dfbb1

SHA1
9d948822f1dbaf85ab432ccd23d6c869226d7ed8

SHA256
522741185bb13a79d90b8839d943b5c116f848b1d25b5cfda99b999e0e5de374

SHA512
a8b2d60d98b74ef998565c93278e4665386db3da694f974c92053cd1951f704214bc58402eb59ad24954cb987b0635c88560d65634480a66a57023e1e718c027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
37e6f14266357c376d8c1cf04a2d89c1

SHA1
7694d6dd317dbc6af241d821bdb673e6658d702d

SHA256
fdfa5c98bcfb7d8f04b202bfd39e25320920dfadabb363f8a9bd0c4f64793033

SHA512
481812edd4747142b3203306b75012bb3817c05b9544ee880970f650c574c1dc55349433406c5c4432d6f47c2c73d4deff40f71a60d5a334df3d6b37b9b722e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3047d5fbd2874f269f5898d2460da510

SHA1
7ec3c1b1c4a859b54cbe262c0360085161cfaa54

SHA256
658d2a3e626a2b645e6d68131097ef019582ee1eab3e126141adfeba7a383a94

SHA512
840c95dd8d19bf6cccdde37476f481024560b45d576e573b19b5d5591b606dbca28a21975de4519d698697752f5ba356c474451a4abe34bd91e748842fb87e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
43fc131d8c8fb3074aac7638de4c7df9

SHA1
60b686353ffe43dfd00529036868baa95e6e47ac

SHA256
57ef334c01fe8eeda175a4c370c965c9c57614b4a2a4eb28597de67c9036582f

SHA512
3545d4ba32c2c9c8f5cde448f551ea8e5deb379296e924357a8744d13306d3b87f832ea3f3a244d44b33229cf1acfeee82a9e72e821e39344c5bc8bec3dcca0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52428b3360b5a57083686adf7672fe62

SHA1
446c794cd2b0d3d1961e8939c0e8e58c8138bd1b

SHA256
c97a02ebb0d4923c05017e166a971aa29989eb5fce64edd1c910f54c2655e728

SHA512
82da7caf303eedad5e1f91ca2fea6e20f0787abc3a4a2f07ec695147648b1a95cb9ba4be49bc32a8ab01bc80017045fea795fd77b7bed450d533f64382d9a03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b44d76679276265b2e8ee906a15a7341

SHA1
4fa09bd108e96bee0e9243dffa853e6a4023ae68

SHA256
a999e2bad99eb17bcc4a8d0a75097f1fd2440e5747d4327ea1648d8776abeab2

SHA512
10261eff6b98136befc929d2551440bacebe6e499e22f78b8ccf4babcbf7f05b964ae2b312c052fc7b7e018bb96045e2981bbe4fae384bbefc87d9bb290966b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
94ee11860ca8ad6b83e1053873931beb

SHA1
cda46dd2fbf8428d7a6d241d40c14ae904b2dc7f

SHA256
6081e74a42b4b6db41bd15d76ba6fe70534816e90cc4990e12b111f4ac75a992

SHA512
fe115be8ef12d1831f07a6437496b2bf4781f19579f6caa377c651ee5e69e646cbceb3ff501d8f6e659968c8a90e5fb5d437018dd579797642587d85977306bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d7ff80b26555f3d213baf87fea3f0152

SHA1
97af90e51a012963e83ceba6d531a70daaf96677

SHA256
44d708bdf399926e49c665a314a0d43f5c7460de221e91480f09e927d728cf19

SHA512
ebe70a9129d543c4deb7863573a0a9b1efba84f3a35723a974b8f8e26dd6a912e3c0e51ce29dbf0ec48dbbe6aa354b648471761d26d9d97e8418f8947b30408b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c3b4c3c3e4340ef4e6652c8e167e23f

SHA1
62c1ac5317d86561a059114ce29e7c58a94f7da7

SHA256
d43cf604d0318f6c0ae6c2c5ef821cff3bb32e4e2975473c1bffef199b00a0e6

SHA512
35807a0cddd67a27b01919d8571d6f8a218dd3111224577aa51d81e560922cacbb60c898bb856b00eec2bc4945f0c133985cdb47b901937f8b777e99cd45408f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d48e10e97c3246e329f6fa55bdd8fc0

SHA1
a7d81f989bc1ef11d2a5d4fd0cd9b55bd91dcf77

SHA256
a58fb323388d61bb5427196b8ed6b9a47520afc6bb5c1d2de1a2226474d81d84

SHA512
6c5e2bdfd1734dd189f2b38a8db631608c62e83f2a69ad81e7463986fcfea176280c1a26151b530dd60aacc19d7fe07cf2bba492f11123d4a5665c5707e0b6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
152f0bc13724e3c5d9c1c1f5497634dd

SHA1
0da069a7359ac3aa0d4e6f38393d7732e504f09d

SHA256
7a51e90e57d6af4cd87fa721eb60a4d5a012d4574e248e109043867326c883fc

SHA512
2657457187224cbbb64c8a6bc5648c8316c15327d35c50bd12f061cd1defe50c505fffca53e21fd2a0a9070eeb9454ce234b21c257ddfc3a48253bbfc4e4cc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf9839e6a32ff42c87bff9339165f476

SHA1
5f919ed6c3f7591d5cad44c3eb6aa3a1f8176e7b

SHA256
e3fec665c97d8e570f8c8ae08ff644e6caf3b2960c3b107d6169b3fffff3d97a

SHA512
a9fc34dc17dc0e5db04f6cb7ba956156c0deb6eefa8562bd602a5fbbf08862082717e3795ccceb7d7230db430a4884a0bb00236de8ec542bdff866f9fa3df664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d92d00906bc6e0f1579540c72ad1ee0a

SHA1
c79661eac67cc0d19eaee819750e012422540e2d

SHA256
803a252a721e6fd372e3abbd8802d6b71e746736e1f351b8427102eb6dddf509

SHA512
9a2085f812b8406d0853576d03f03838682302ebe63b00950bc54b12f5ad51f8e557467b5d6f14a1fe7a45948b6e2e2de02b9a2d763c6bf8a6aa41954edf810e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
d34c2d93a58b96bac930443c9a65576d

SHA1
bba776f115ff19ded8c1f2c1e671b6eb7ae89ea6

SHA256
654303066ddd301e180ced0ffe8d9dcce2df39f9c7317b51ba0043fa23b898de

SHA512
d800dc348ae2736355877927fc8f73cc434f6643878440dab117dbf2c1febf14397473980516d7bd3f74c9645eb4014e1079314d62e807743611a951c3e190f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
9631e9a5a87af2f3dcd302a55f6b809f

SHA1
7f56ba2d001e6e33d4535c77818c41c3266c1f2c

SHA256
6f3d930d6ed06d3dec650ea702f93877739125a027e1bc2d30ea66c9ff127459

SHA512
ab842bd8165addd3f95292af1f745361cf955bcaa14a206d8462eb7923ca0a5b422f84ba7240791b21d70a1d370a5c1e94502eb486b30f7a4763d862645bd461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
9dcbcc46d5c5076ba91b91565646af6f

SHA1
d29abfd14c91056d22dc0cf85c23a2bb6323ac95

SHA256
5be6cfefbee3b67098d5e862055090a75bb0e4f0d81548a9d7523fac4d2fe6da

SHA512
47adbd538dddadf007b5764d805f8cba675681854ec77e31a0edba46812d3f45b83911b60781049ed72d386d7ee3d57a0a7094e2c5d4c28ddb265643f2ee42cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
2a8257f3d52567f055427850b1359e74

SHA1
dba3216490424955e3baebef3f73e4f4fe5cb28e

SHA256
a9c58b1c4ccec6e342b4abbba18987692e748e53f84279186abbf227cee35db4

SHA512
32c9333c35b948e0d0ddae78e0c9b4f9418b8ebc874fd1836b99285ba71d26000a929126529ce821f16d7398a6137802b73e49a670b5c03c8024865b29ecff30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b593b1d0cfb91ec612528d5f6919e869

SHA1
54217ea6dde766d1093ad7132c44b3802efed34b

SHA256
9c8bc8504ed70aba1d3d5897c9a81090c7ebfa5852b099c132d1cd2bc1c285de

SHA512
6c24f6641a6d7e8f3feb67cf6262f00d5677f15077aa0414a7bfd0a56f9988d33c80ad399f14da298775004d1583c954483c2490a07c2c0dd93a711da26e87d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44892be37b0b9e084b9d257a72a0136f

SHA1
c3c5056ff054b4bb0ed3d6be48ced8e8b6744078

SHA256
6ec36a56c87a887ebf8732a231b1d8f9b226aa7f690fa9a11da05129ce0bf57d

SHA512
7e1ffdc4c1af0d62b169869496cbdf89f963277c72f45ad08752bbc593d80b5eb9b419a2467b1ed5dc7bdec229a5091f2fc187f830ef5fcc843e27cf41302cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87a07e8d65649d56fae983b0fdd1bc19

SHA1
2c4dba36474a67dfb79a8e3cadce629e9e0475be

SHA256
fa3b6d14dc38d179bc1c29a5757bc1739a6bc024a7fdfe9a9148b4f043d3bbcc

SHA512
8c9693d8e27fb84191c3a0a2070cbefbaf5f4ebbe0813da7d6f2162f9b039cfbde6fc3da5a69af40f77c33fedb45ada5f0351b57dc1d971124d6835caa7e7732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86786f08a82c6b7ce473769ee121574a

SHA1
a9636bdda42f36932127aa6e628a5e6e385226fc

SHA256
c42df75ecfceab63cdf537310d712ab68c767b3b89a66a1d3ac3d8dc71bbc2fb

SHA512
8190faab9b833f3c5980e13f1821972bb8aa5a11175150bc2fc13114d5415c5ca9cfb953c387becaf66be530b0e950369c65cc2ccc1d7ae56a2337e6b3371387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
deb8207b536fd1f53e0bb5cdffb5a91b

SHA1
17953aefa401065c7f0c72cb677da0790a784e36

SHA256
e929f7364f4c9275cbd5a5c9d565f90d4af849b9b567fd4c61d8517dccba1280

SHA512
c2a8f3a40048a5278229f2577208983f274b21eecdfcef6e701c361503bf404a592de696f5ecac19061d7e866c038c871f7fabf07e59bb8f135b9c595b34e5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
737bb95b7ca6dc74457d9f246cb6dcea

SHA1
08adfc6ec9f1d43109ed9e38b6258fef811cf4c6

SHA256
1c454b9fe238c41e0f59e805dab46fd761a87eba5189c5b2e8cba9935afa8ace

SHA512
de09096a428b4560244d20e2a27ba2f09f71d143581138c35d67531f02134888a9ba69b382174959bab85faff5400861ee89b8cc797eea3736010e8f8736f2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f7ed.TMP

Filesize
1KB

MD5
7bdbe779ef3cad6c5be3efbfc7fab974

SHA1
6912bbeb16155989ab09a8685f01f25b7d1a055f

SHA256
5c2bbdfdd361b81ff9add764e468aba3d066c4517fd7081bab723b6714b27a90

SHA512
f3edb059c9af1fce64df681feb52979ce293f42620410829fbc692868c811fb8f237c9276c78b17d1a7dc51f75fadca237c8e374339b96d9e39ae8165d4dca2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2c53aeaaff09f24d761f99ec37143c2

SHA1
ee08cdfb0386a0da31015a01ded348575b9b911d

SHA256
01155d760a474dded5917d175aa4b3d87016accda91cb1a9454309ecb7614a4e

SHA512
8aa2675885801ad9532aaf0644ee8d2d752882b28d4cc55c8ae770d301f7b79fcdc37ce48729e94c1d1e00afe55ab8bb4da01435287807394d1f4bf0316b0ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit