Analysis

max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-02-2024 17:56

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
Resource: win10v2004-20231215-en

General

Target: https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

process     event              key
msedge.exe  key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
msedge.exe  key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
msedge.exe  key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Reading SystemManufacturer and SystemProductName from the BIOS key is a classic virtual-machine check (on most hypervisors the strings name the vendor), but Chromium-based browsers read the same two values to report the hardware model in telemetry and crash metadata. From msedge.exe this hit is expected and is not evidence of sandbox evasion on its own; it becomes a lead when the reader is a process with no reason to know the hardware model.
Modifies registry class (1 IoC)

process     event        key
msedge.exe  key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{4D01A9E4-4F75-4766-9D28-725F3C18438D}

The key sits under AppModel\Deployment\Package for the local user the run executes as (RID 1000; the profile paths show it is Admin), which is the per-user package state Windows keeps for packaged (AppX/WinRT) components. The process tree attributes it to the video-capture utility process (PID 4884). Nothing under CLSID, InprocServer32 or a shell handler is touched, so despite the signature name this is not a COM or file-class hijack.
Suspicious behavior: EnumeratesProcesses (12 IoCs)

pid   process              hits
5044  msedge.exe           2
1384  msedge.exe           2
4884  msedge.exe           2
4364  identity_helper.exe  2
5544  msedge.exe           4

Process enumeration by these Edge components (browser, network service, video-capture service, identity helper, GPU process) is routine. The signature matters only if the enumerating process then opens or writes into an unrelated process; in this run every WriteProcessMemory target is another Edge process (see below).
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)

pid   process     hits
1384  msedge.exe  18

This signature fires when a process is created with the "block non-Microsoft binaries" code-integrity mitigation (PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON) in its creation attributes. The Edge browser process applies it to sandboxed children it launches so that no third-party DLL can be loaded into them; it is a hardening measure, and seeing it from the broker (PID 1384) is expected.
Suspicious use of FindShellTrayWindow (25 IoCs)

pid   process     hits
1384  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)

pid   process     hits
1384  msedge.exe  24

Both are ordinary user32 calls for a GUI application: the browser locates the taskbar window (taskbar progress, jump-list and notification integration) and posts window messages without waiting for them to be handled. They are flagged because malware uses the same calls to find the desktop and to poke other windows, but coming only from the browser process they carry no weight.
Suspicious use of WriteProcessMemory (64 IoCs)

source pid  source      target pid  target      writes
1384        msedge.exe  2168        msedge.exe   2
1384        msedge.exe  1736        msedge.exe  40
1384        msedge.exe  5044        msedge.exe   2
1384        msedge.exe  3156        msedge.exe  20

Every write comes from the browser process (1384) into a child it has just spawned: the crashpad handler (2168), the first GPU process (1736), the network service (5044) and the storage service (3156). This is how the Chromium sandbox broker bootstraps a child: it creates the process suspended, copies the sandbox policy and interception data into it with WriteProcessMemory, then resumes it. The unsandboxed children (the crashpad handler; the network service, launched with --service-sandbox-type=none) receive only two writes each, the sandboxed GPU and storage processes dozens, consistent with the broker injecting policy only into sandboxed targets. No write targets a process outside the Edge tree, so there is no injection here.
Processes

- msedge.exe (PID 1384)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2168)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8acf846f8,0x7ff8acf84708,0x7ff8acf84718
  - msedge.exe (PID 5044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1736)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - msedge.exe (PID 3156)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - msedge.exe (PID 4132)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - msedge.exe (PID 3004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  - msedge.exe (PID 4884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4948 /prefetch:8
    signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3548)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4936 /prefetch:8
  - msedge.exe (PID 2500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  - msedge.exe (PID 5112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  - msedge.exe (PID 3760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  - identity_helper.exe (PID 1340)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  - identity_helper.exe (PID 4364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 5268)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6128 /prefetch:8
  - msedge.exe (PID 5340)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  - msedge.exe (PID 5472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  - msedge.exe (PID 5480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  - msedge.exe (PID 5752)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  - msedge.exe (PID 5956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  - msedge.exe (PID 5244)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  - msedge.exe (PID 4952)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  - msedge.exe (PID 4368)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  - msedge.exe (PID 5520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  - msedge.exe (PID 5452)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6432 /prefetch:8
  - msedge.exe (PID 5956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  - msedge.exe (PID 5400)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  - msedge.exe (PID 5716)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  - msedge.exe (PID 2284)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  - msedge.exe (PID 5544)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3796)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4780)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Notes on the tree:
- Every child is launched by the browser process (1384) and is an Edge component: the crashpad handler, the network, storage, video-capture, audio, collections and data-decoder utility services, GPU processes, renderers, and identity_helper.exe. The two CompPkgSrv.exe instances are COM-activated Windows components (-Embedding), not children of Edge. No other process is created during the run.
- The browser is Edge 92.0.902.67 on Chromium 92.0.4515.131 (a mid-2021 build), so the image runs an outdated browser.
- Children launched with --service-sandbox-type=none (the network service 5044 and both identity_helper.exe instances) run outside the Chromium sandbox; the crashpad handler is never sandboxed.
- The GPU process is started twice. The first launch (1736) is sandboxed; the second (5544) carries --use-gl=disabled and --disable-gpu-sandbox, the fallback a Chromium browser uses after the first GPU process fails to initialise, which is common in a VM. The reported --gpu-vendor-id=4318 is 0x10DE, the NVIDIA PCI vendor ID presented by the image.
- PID 5956 appears twice (renderer-client-id 18, then 25): the first renderer exited and the PID was reused. identity_helper.exe is launched twice with an identical command line (PIDs 1340 and 4364).
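Which of these Edge children run outside a sandbox can be read from the command lines alone. The following Python is an added example, not part of the report and not Edge's or the sandbox vendor's code: it tokenises a Windows command line, pulls out Chromium's --type, --utility-sub-type, --service-sandbox-type and --disable-gpu-sandbox switches and reports each process as sandboxed or not. The entries in SAMPLE_TREE are shortened copies of command lines from the tree above (long handle and preference values dropped); the classification rules are Chromium flag semantics as the example assumes them, not something the report states.

```python
"""Classify Microsoft Edge (Chromium) child processes from their command lines.

Added example, not part of the sandbox report.  SAMPLE_TREE holds shortened
copies of command lines from the report's process tree; the classification
rules (--type, --service-sandbox-type, --disable-gpu-sandbox) are Chromium
flag semantics and are an assumption of this example.
"""
import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# (pid, command line), copied from the report and trimmed of the long
# --field-trial-handle / --mojo-platform-channel-handle / --gpu-preferences values.
SAMPLE_TREE = [
    (1384, rf'"{EDGE}" --single-argument https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4'),
    (2168, rf'"{EDGE}" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (5044, rf'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3'),
    (1736, rf'"{EDGE}" --type=gpu-process /prefetch:2'),
    (3156, rf'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8'),
    (4132, rf'"{EDGE}" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 /prefetch:1'),
    (1340, rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none /prefetch:8'),
    (5544, rf'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2'),
]

# A quoted run (which may contain spaces and backslashes) or a bare run of non-space.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN_RE.finditer(cmdline)]


def parse_cmdline(cmdline):
    """Return (image path, {switch: value}, [positional args]) for a Chromium command line."""
    tokens = tokenize(cmdline)
    exe, switches, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value            # a bare switch maps to ""
        else:
            positional.append(tok)           # e.g. /prefetch:N or the URL
    return exe, switches, positional


def classify(cmdline):
    """Return (role, sandboxed) where sandboxed is True/False, or None for an unknown --type."""
    _, sw, _ = parse_cmdline(cmdline)
    ptype = sw.get("type")
    if ptype is None:
        return "browser", False              # the broker itself is never sandboxed
    if ptype == "crashpad-handler":
        return "crashpad-handler", False     # crash handler runs outside the sandbox
    if ptype == "renderer":
        return "renderer", True              # renderers always get the renderer sandbox
    if ptype == "gpu-process":
        return "gpu-process", "disable-gpu-sandbox" not in sw
    if ptype == "utility":
        sub = sw.get("utility-sub-type", "unknown")
        sandbox = sw.get("service-sandbox-type", "utility")
        return f"utility/{sub}", sandbox != "none"   # "none" means no sandbox at all
    return ptype, None


def unsandboxed(tree):
    """List (pid, role) for every process the command line shows running without a sandbox."""
    return [(pid, classify(cmd)[0]) for pid, cmd in tree if classify(cmd)[1] is False]


if __name__ == "__main__":
    for pid, cmd in SAMPLE_TREE:
        role, sandboxed = classify(cmd)
        print(f"{pid:>5}  {'sandboxed' if sandboxed else 'UNSANDBOXED':<12} {role}")
```

Run against the full tree, the unsandboxed set is the browser, the crashpad handler, the network service, both identity_helper.exe instances and the second GPU process; everything else (renderers, storage, audio, video-capture, collections and data-decoder services, the first GPU process) is sandboxed. That is the set worth checking first if a run like this ever showed a write or handle into a process outside the Edge tree.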
Network
MITRE ATT&CK Enterprise v15
Downloads

Files collected from the VM during the run. Where the report gives a path it is shown; most entries carry only a size and hashes, and the three that have paths are Edge profile cache and Service Worker files.

- Filesize: 152B
  MD5:    bcaf436ee5fed204f08c14d7517436eb
  SHA1:   637817252f1e2ab00275cd5b5a285a22980295ff
  SHA256: de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120
  SHA512: 7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

- Filesize: 194KB
  MD5:    36104d04a9994182ba78be74c7ac3b0e
  SHA1:   0c049d44cd22468abb1d0711ec844e68297a7b3d
  SHA256: ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1
  SHA512: 8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5:    bec3b512f16b9fe2c30946117e8e8356
  SHA1:   dadac0f2e69ce2bf808cdc49e7e35e2081fcb2c9
  SHA256: 8212588b52ff5ffd3bf29df27fdf081390ae877f50f1d6193b44f91de0f8dba0
  SHA512: 6c83b8569b6a691d2d113e1a7c07017c2c1c0e7202ec3411df518861a337f181a60b828162049e1ba055b032a6c9cb32bf77ad8b991fabe074b931f92b6e1ae5

- Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 3KB
  MD5:    c0b97a7108c6e6075d8d7090f2330daa
  SHA1:   5927aa6671cfac7d9649d7c9d553991e50ff66dd
  SHA256: 7c5a71aef0a96254b1639bb7650a60426496eb205adfd642b92071118ade9357
  SHA512: a4b62d9ab77e36da5b5fe8b70f69fad801ae82737b09094f190f5448f7540987ae8e13aab730ac0b42dd3f73ccdb7266167690c10c68c11c0a64ad9b99d0dd74

- Filesize: 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 3KB
  MD5:    7293f35870148cc12bc09b4919bc33e4
  SHA1:   c37f3802cbf8b39dfd8754d4c064bc0f7d337429
  SHA256: 88b350b58c729221d870c1987889d429af4ec8a117667e3714f4464a67bbe433
  SHA512: b6efb28012ebdba339cedffee1e1f431a83625e865a584aa6d6c04bc957f27da41b4ccf2d3a36887df27651b406127d49667bc68e888c92f78417dc169b23508

- Filesize: 6KB
  MD5:    15bb3190512f4ecac3dfaaf24fbf3e1b
  SHA1:   950435bf4ae1b841b56b3f7631278f27a3777f32
  SHA256: 7ca61ea048e1f6b93f4fb0eaa41799532a5324c9a5faec49e492edbab9167881
  SHA512: dce1c40bb154cf17421e5bfb2908cc0872f4986f6a453be56c6055f3a4a6bf4343e3a50339647ddbd6e82273ae047107b2064a6847dab5b4654fde47390b2b6c

- Filesize: 5KB
  MD5:    898d0b1090c9a20d3a9619b43ef2a99a
  SHA1:   f097cf8b6e716163ba5aaa706bcaedce188fd718
  SHA256: b3e189a206b360f9556340435acdad24ecbba78d1943840ec40495d55f216825
  SHA512: 5971fd16971891a66ea93b96cdb0488f7dfce272afe24cf057020da41a6cd3629ff80afdab6377a641ec3833d7aaeb0d1e0e70b67f02a18e253b18ca98c2751d

- Filesize: 8KB
  MD5:    d114403e076a57504552345bd8a419e6
  SHA1:   3d25f845345c39b7f83a6194a17934135b44d135
  SHA256: 7a2c9f000324436403d8ad1e19d7d24121caa01971d742765db7cbce61ed404a
  SHA512: 3839bccb01c3221ac791cad6dd00e81cb8dd5ec8526c5a79e9d1fcb8887c4e51fc6767be7a73d98f2e410de8c17fa261ce463c6661af22e10fe2644ff07ecc65

- Filesize: 7KB
  MD5:    67d93ad5ac84cbd13f3b009753dd618b
  SHA1:   61c246cd9e57ff2a8500d51a4e2243faba3dd2dd
  SHA256: c6e45e63c45c5735a1855e8559bf7a6ad193c382bf3dfba93470f1dcad20c49b
  SHA512: 3ee63a244ee671449f886b855d26c43e81d1f8ff5921befe4f18de00a13dc11dc14a1d6b086583478fe4c713b0e49db59a6f7483c1d8381d52429b9b1c13546d

- Filesize: 24KB
  MD5:    b0ba6f0eee8f998b4d78bc4934f5fd17
  SHA1:   589653d624de363d3e8869c169441b143c1f39ad
  SHA256: 4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f
  SHA512: e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
  Filesize: 41B
  MD5:    5af87dfd673ba2115e2fcf5cfdb727ab
  SHA1:   d5b5bbf396dc291274584ef71f444f420b6056f1
  SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
  SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5:    bfc2b5016fa3f372def0e792de24edc7
  SHA1:   71aa868c25ef41ee5ff96fa85af686a0d7779d3c
  SHA256: d44a24b69f30082797e5bc9da85fc4326124243247c627392a24350d31d5f42d
  SHA512: 25be2d59120932b0cf5821bfc0f43b5002472173e3cde72cc758d4ad59ba9a681827071c31e2b444a3f9ead7d73a7c92891aa61a72bebf144c134cd0a2f5433e

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583ca6.TMP
  Filesize: 48B
  MD5:    8924eb0ffca036f6bf865fbb898c5f25
  SHA1:   13b7e8c9ca0a0250be34ec02fa510fd0f50e7b45
  SHA256: d8997de1fbc97e022b42f05049f8178e914a21a695bc2179acad07744ecf280c
  SHA512: 5a8c58ac2286194729eca60ed919ff8445ecc97fe2886529b201285f6bbea1109c1435360cab892f43960d2474afc395b0ab43c32f1e1fcfc231ada28e56e0eb

- Filesize: 1KB
  MD5:    a4dd182ad7fd4e8c77ee1f83f20a7f8d
  SHA1:   579388dc66f53038b7cf1a46c4e5a177c2099c8c
  SHA256: a42d731141becd678c130485296c72c89bd610e882d82955364bf2c44db61359
  SHA512: ed355f30d13d3e1d194e3b7478f675f062c9067e7f376fe36c7d4e57115f1a23e92341cfa27c61f1314783b122dcf9ef13ce6381021ceade644e4c9b1632b43f

- Filesize: 1KB
  MD5:    fb07e30a527f29713a084c2022edcec3
  SHA1:   225832a93153bda9bacc867b245c8c02aaa1f9f2
  SHA256: f628a55704f40ba47cbf9cd2d51b93d4d6bc05b8c1b4bc1e5cf5558eebff8a37
  SHA512: 27e024034b90fa6153bbbff22a6f2dbebe2b04fd333256db354cab7a6ef2ca6ac876267a408d64b7003e4dfe5924172c7151e40f8c676adb154bcc914512762d

- Filesize: 1KB
  MD5:    014aaca312cafb645eeb5c27e8ea82f7
  SHA1:   4bd76c84533452de6f1dd9550d413c4d047ce40e
  SHA256: 5a043edc24f16127b30f2b813ef6e86f787e942b4190344115ffcde968456650
  SHA512: 8eba771e979f3e89aa91ef98998afb68508c676f970807ede81b848ed57f52b6d3ae20d759dc0bb03b2c0ad7f0d4818dbbabc46dbde67c501ac98166a8aaa320

- Filesize: 1KB
  MD5:    5f15d3736a61a9edb2d5b9e806dce042
  SHA1:   bb58e500155f27d267eb6185f00f33f62bf3ad7d
  SHA256: a3b1022202dcbac48aa894eaa8ad00d11bc0df96e5aeeea81bad5e87164e77ba
  SHA512: 458126b3c676f5981dba28425d059f68c9d4cd1f2a247b3008f7e6733a229165b243b32c5ae92379d48db01644054d4a97db2466bc156690986e4cdb87a69d02

- Filesize: 1KB
  MD5:    ac5286595ec8adf9b0b7a1a9852e8c86
  SHA1:   9bb29511a1ac46fc54f020c12c2c014d2bec18d7
  SHA256: acf4277cfa56f121bbaf34b3df5607b4de79c1b501d8b9db247de7fb67fd7b07
  SHA512: 1c06a7e8c76dac5c6d936eb891925cd847ed79809c5d2bbe196023cf8ef2b6a83f780b451a9d8ef4485addcec34ba95eba16fa782110450f3f099025e99e41d0

- Filesize: 371B
  MD5:    13ded1fce9f85d2196680e209cc8a675
  SHA1:   0aab1d1236dac4ce26120deedd30060ea08e1f17
  SHA256: 58b07e9d7dc2f63033792b112b84295a92383dd6d23ec95bb89420e78d74e223
  SHA512: 28faa0bda10a20d49c84966d4770e2b69bd0f8a31440a94041fbf2b48430965bb6da2a45171e3b6b78d29f1d0f01d02a0e74a2c9fffed649ecd1f9cafdf42881

- Filesize: 1KB
  MD5:    67cf96143a830eaa6b496aeef511c6ca
  SHA1:   8691a458ab36be3239beb52b874a65e018f32875
  SHA256: 77174fb47bd27da5577015197ff0a7171bc56aac7e9280eba448b683951c5046
  SHA512: 27d5899b3332422fd534ca0521d693058b126ca82dc94c7aef8e79bdfe9c6b84f21b66d65b6a81fb1ebb4fc74d1ba446e89d66abadf17c7750cdc633388e7acd

- Filesize: 371B
  MD5:    c8ce74d6dbccf7c5315616630346fa4c
  SHA1:   4f0000c26019a6fcf07ef3a4c64a8b29825948d2
  SHA256: 39327dc6eadeb5dcb85f9f465fedea70b3eed8436ca86b091c6de3906d66cc34
  SHA512: 0d3ae51c6eaf2afc57d4db90aa33a31e7c7291e72cd6a24c4a8960fdb6c69fef2fb0d200df100ba0f6487b733b80c62fedbee30f292d2035a187696129931e98

- Filesize: 371B
  MD5:    1203fb9ac64a23891db5ec662dc46684
  SHA1:   4e11b86889fa0412ca63615d0105ec763a2f38b5
  SHA256: 5ffef5084cec231970171c528122204113149ec5fc3b9f99a401f3346958d806
  SHA512: bf2316917a614936a813c0a50f9431a98a3b5d81f77b9e3c7e6ba0dc51ed6a81dc417dbbc2b7df57e7bb51b4e100780588842943b1419432884dd324841b9489

- Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5:    43c941cf058f7405eefb441498db9ef9
  SHA1:   594ef5f6397e651a9d90dd7d390f9c1a9beddb19
  SHA256: 6a2b16c4d5392d7b1463e2e37ab3838aa00fa058d76caafffff3c5433a423255
  SHA512: 2a03d873b00873c8e26c1b40f9dde67b7cbb70b7ba820b75ae7c60d9cddcd8118e3f0df7766361c1bf89f1bca9a7c9c6798ffe9c8b87865d7cf4d11bc2004473

- Filesize: 10KB
  MD5:    0ee35653249f92524692c434895aa54a
  SHA1:   5d73b2c3cb3a3e16a2e62ae90e470fb6ba2f2346
  SHA256: da930513b7e4237305ec7f3ff37cedf30d265372f6c1497bd98c34aac85e7b5f
  SHA512: 5c55012b929d95683c97b3446c4ebde7e3ab58c231e922c2f967f7ead959366752f4b5971f04e49979ceeb61aaf9df4fc87f4977e4d9f6c4e404f5d637211d2b

- Filesize: 2B
  MD5:    f3b25701fe362ec84616a93a45ce9998
  SHA1:   d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

- (no size given)
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  These four values are the digests of zero-length input, so the file was empty when it was collected. Drop such entries before pivoting on hashes: they match every empty file ever hashed and carry no information about this sample.
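A dropped-file list in this shape is only useful once it is parsed into records and the noise is removed. The following Python is an added example, not part of the report or of any sandbox's code: it parses the flattened list exactly as the page extraction left it (label and value run together, or a label alone on one line with its value on the next), validates the hex digests, converts the reported sizes to bytes and separates records that carry the digests of empty input. SAMPLE is a shortened excerpt of the list above; the empty-input digests are recomputed with hashlib rather than hard-coded.

```python
"""Parse a flattened sandbox 'Downloads' list and separate artifacts from empty-file noise.

Added example, not part of the sandbox report.  SAMPLE is a shortened excerpt of
the report's own list, kept in the garbled form the page extraction produced.
"""
import hashlib
import re

SAMPLE = r"""
-
Filesize
152B
MD5bcaf436ee5fed204f08c14d7517436eb
SHA1637817252f1e2ab00275cd5b5a285a22980295ff
SHA256de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120
SHA5127e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5bec3b512f16b9fe2c30946117e8e8356
SHA1dadac0f2e69ce2bf808cdc49e7e35e2081fcb2c9
SHA2568212588b52ff5ffd3bf29df27fdf081390ae877f50f1d6193b44f91de0f8dba0
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

LABEL_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*(.*)$")
SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests of b"": a record carrying any of these was an empty file when collected.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
    "sha512": hashlib.sha512(b"").hexdigest(),
}


def _set(rec, label, value):
    """Store one field, converting sizes to bytes and sanity-checking digests."""
    if label == "filesize":
        m = SIZE_RE.match(value)
        if not m:
            raise ValueError(f"unparseable size {value!r}")
        rec["size"] = int(m.group(1)) * UNITS[m.group(2)]   # report sizes are rounded
        return
    value = value.lower()
    if not re.fullmatch(r"[0-9a-f]+", value) or len(value) != HEX_LEN[label]:
        rec.setdefault("warnings", []).append(f"{label} has unexpected length or characters")
    rec[label] = value


def parse_downloads(text):
    """Turn the flattened list into dicts with size, path and digest fields."""
    records, cur, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":                     # bullet that separates entries
            if cur:
                records.append(cur)
            cur, pending = {}, None
            continue
        if pending:                         # value for a label that stood alone
            _set(cur, pending, line)
            pending = None
            continue
        m = LABEL_RE.match(line)
        if m:
            label, value = m.group(1).lower(), m.group(2).strip()
            if value:
                _set(cur, label, value)
            else:
                pending = label
        elif PATH_RE.match(line):
            cur["path"] = line
        else:
            raise ValueError(f"unrecognised line {line!r}")
    if cur:
        records.append(cur)
    return records


def is_empty_file(rec):
    return any(rec.get(alg) == digest for alg, digest in EMPTY_DIGESTS.items())


def triage(records):
    """Split records into real artifacts and empty-file noise."""
    return {"artifacts": [r for r in records if not is_empty_file(r)],
            "empty": [r for r in records if is_empty_file(r)]}


if __name__ == "__main__":
    result = triage(parse_downloads(SAMPLE))
    for r in result["artifacts"]:
        print(f"{r.get('size', '?'):>6}  {r['sha256']}  {r.get('path', '')}")
    print(f"{len(result['empty'])} empty-file record(s) dropped")
```

On the full list the same parser yields 29 records, one of which is the empty-file entry; the remaining 28 SHA-256 values are what a hash pivot should actually be run on. Sizes are converted from the report's rounded units, so a "1KB" record may be anywhere up to 1024 bytes.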