Resubmissions
14-02-2024 17:05  240214-vl6g3sgc5t  10
14-02-2024 17:05  240214-vlyr8shb93  1
14-02-2024 17:00  240214-vh4jbagb5w  8
14-02-2024 16:55  240214-vfga1aga7x  10
14-02-2024 16:52  240214-vdlgyagh93  1

Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 14-02-2024 16:52
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://malc0de.com/database/
Resource
win10v2004-20231215-en
General
Target: https://malc0de.com/database/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{CEC87BD3-1F14-4520-9A6E-69ECA19AA504} | msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid | Process
2924 | msedge.exe (2 entries)
4912 | msedge.exe (2 entries)
1464 | identity_helper.exe (2 entries)
224 | msedge.exe (2 entries)
4856 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
pid | Process
4912 | msedge.exe (25 entries)
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4912 | msedge.exe (25 entries)
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4912 | msedge.exe (24 entries)
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4912 wrote to memory of 3572 | 4912 | msedge.exe | 49 (2 entries)
PID 4912 wrote to memory of 4844 | 4912 | msedge.exe | 87 (40 entries)
PID 4912 wrote to memory of 2924 | 4912 | msedge.exe | 85 (2 entries)
PID 4912 wrote to memory of 3400 | 4912 | msedge.exe | 86 (20 entries)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malc0de.com/database/
  PID: 4912
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecde346f8,0x7ffecde34708,0x7ffecde34718
    PID: 3572

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    PID: 2924
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    PID: 3400

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
    PID: 4844

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    PID: 1764

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID: 3152

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    PID: 1184

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 4476

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 1464
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    PID: 3900

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    PID: 760

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    PID: 1360

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    PID: 2884

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    PID: 2244

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    PID: 2060

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    PID: 4820

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4976 /prefetch:8
    PID: 224
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8
    PID: 2868

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    PID: 4496

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
    PID: 2736

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    PID: 1316

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
    PID: 3900

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
    PID: 3864

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
    PID: 3376

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    PID: 4796

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    PID: 2388

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    PID: 4856
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    PID: 5096

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    PID: 428

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
    PID: 3168

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    PID: 1176

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
    PID: 4324

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    PID: 4004

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6098766925922770957,9572931932829010851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    PID: 4196

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3948

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4380

C:\Windows\system32\AUDIODG.EXE 0x338 0x4f8
  PID: 4440
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: f246cc2c0e84109806d24fcf52bd0672
SHA1: 8725d2b2477efe4f66c60e0f2028bf79d8b88e4e
SHA256: 0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5
SHA512: dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\77d2f02c-2abc-4a18-a00e-9a5aa8b7a6db.tmp
Filesize: 9KB
MD5: f2b5b7f191f9973ddf3ee746cdbeec4d
SHA1: fc936c27910a74e1eb0863999e69d0e698529cc2
SHA256: 0db43896c504afc5d8177037bc35c694d4aaadfe42649e2ee38cd0a52521493e
SHA512: e472a78d39dd9b4d11543b900b9c49e90463fe93339807aae1ad6099de875603ba0efe0b153efb8d38228f6b0e46d3d9c4572d4249e9ffdc171bf014e4933472

Filesize: 64KB
MD5: d6b36c7d4b06f140f860ddc91a4c659c
SHA1: ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256: 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512: 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Filesize: 69KB
MD5: a127a49f49671771565e01d883a5e4fa
SHA1: 09ec098e238b34c09406628c6bee1b81472fc003
SHA256: 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512: 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Filesize: 28KB
MD5: e969e99f960c2a9c52616ed38a74af82
SHA1: 0dbda7fb75e89704519d6af653cedcb760ad78a4
SHA256: c02e3222ba87462777803058a8bce8a643342db13fbd74f242cd320ef9921d5c
SHA512: 8414ba71d1eeba0fcaa37225b321910ad6c7a3930b16ae4ec286a8ad9c4ad93437e6bcc50ec6cfdad6fcaffbb32f2e4c61bbc9ec9053749c91a2d90e3860feb3

Filesize: 63KB
MD5: 710d7637cc7e21b62fd3efe6aba1fd27
SHA1: 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256: c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512: 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Filesize: 19KB
MD5: 2e86a72f4e82614cd4842950d2e0a716
SHA1: d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256: c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512: 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Filesize: 88KB
MD5: b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1: 386ba241790252df01a6a028b3238de2f995a559
SHA256: b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512: 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Filesize: 1.1MB
MD5: 07917e07d6e233b89f4d254dd612aa8d
SHA1: 1a4d73470c380be3f01eef133bdb4df32facae85
SHA256: 9d4c742ace35aaf98b2824219398d0f433ffdd8eb3337892474f08828ddc4b7f
SHA512: 79dc109b9d39e4dc89058080498aa80334ec5c3340dbd556d8a39a30c779dcae2cf405106999c2a5b7883126996dd1c72d94479eb52aaad7e69a9e98c2461c9b

Filesize: 32KB
MD5: bbc7e5859c0d0757b3b1b15e1b11929d
SHA1: 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256: 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512: f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Filesize: 75KB
MD5: cf989be758e8dab43e0a5bc0798c71e0
SHA1: 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256: beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512: f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Filesize: 40KB
MD5: 3051c1e179d84292d3f84a1a0a112c80
SHA1: c11a63236373abfe574f2935a0e7024688b71ccb
SHA256: 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512: df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Filesize: 53KB
MD5: 68f0a51fa86985999964ee43de12cdd5
SHA1: bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256: f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512: 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Filesize: 194KB
MD5: 36104d04a9994182ba78be74c7ac3b0e
SHA1: 0c049d44cd22468abb1d0711ec844e68297a7b3d
SHA256: ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1
SHA512: 8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 2e11a8efd57ecd1ea20212ad7fe36054
SHA1: 04966761afe7b54fdda5bacdbfa37ef0100dff78
SHA256: e4403902bb03010f7a0348abb70bd0ca503e640880d23b2c29b7cf65b4ee945c
SHA512: 8bdae1d0f72486d547b465bd23b0cdb782d252d87b6d6b99b8a51483f850590acc1f9e928b4157729ae4078a29f658c68d14334fcc1cc361407e238701dbb1f9

Filesize: 706B
MD5: 887a8bd09ac79136facdada0da5f0bad
SHA1: 5697aec1747c5f087c08a57983c7e8542458a906
SHA256: 490fa1db75ef956c6196aab5c9fe61a2bc2dba1695f77a4e52f8ab687238a9e6
SHA512: 2254c98e6fe9dbdebb6033b8f1550ab26403d3c709a04a0a744f5793f5d2fd56ae5e4efd905a02a47436fee7ba500238c61798e0b438a1bc66849bffaf2389d1

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 6KB
MD5: 109994593cbc3eb61eb07217d3b3efc5
SHA1: e2b4872906a4109cfe9d5b3f7e28f888dff51688
SHA256: 7fe44b3266896b30b301cfc8e740a128b86f69d7d26f166db9c23757f26a9c98
SHA512: 1b5a74a1cfd2671bbcffa45eaf785ec08f5402e0db6602d98146d4225cc1967f4e6d7879a15e76b2123a81255b6e95c695cbc947971c2268a2fb75ee97e743f7

Filesize: 7KB
MD5: ed226b7e4e4306b2f1fa6c589675b2c9
SHA1: 75424523192242778ac6685d160981d64325bd6a
SHA256: f3200b016e41323053eee494b7d497cfe61b6ca77b8774a3357c962cc2bf122a
SHA512: 170b76719ad52149e901d149f76b586493673b106d8315157c8a61d95b77f27628c437101220d2e02b1628daa80d69b7f4444528f930e8d4fc20d159bdea39f8

Filesize: 9KB
MD5: 0548fa2abf33a3611470deaeaee05f86
SHA1: 39bf1210baeb10b0672eeda306352b0bad2b1e02
SHA256: a7cf8a9f42a51558cc44db51ecd80ec547714808b5db9a2165a753e295c7c1e5
SHA512: cd78b28f9f22602d49bc82c4bbf46a9c0dc817de81f806075a717ec5ea92f7c1e0388d44b257cb87d871e62addddf6fabceab7db7299ad7c8b3bc8f87f4ec396

Filesize: 5KB
MD5: 2bca775ead12f3e76e586245c34c83f2
SHA1: a6b10a7e0b5db955bde4a93e07917e2b6d4ab0e7
SHA256: 78a7087e9a3f43949cd001a250059d34cf63a7ebeba861732f0cb1e14d0919bb
SHA512: d398b4496cab1c821b0507ec330e7c17fe8af1cecdb7ff39a7cf91fa166aac5b7179792edd60730b2be11d0a860fb9c9fc2b5b84ccf2aab8b26c95345ba38433

Filesize: 9KB
MD5: 0af634a99ea22405641d53592d249b1a
SHA1: f06d6c7d0112d09eee5e00ec250971d48f2e3523
SHA256: 8d6c2078032ad3f233d856d81d081160f995d9946d8585501bf41d89774d75ec
SHA512: d0ac40a0afe45fc84b33e81046ecaed3b791c61427bf2d4576aac19c2bd31ce1d1fbc741cf807fb1cc8e6303ef1c0efb79e76c8863a7c24f0e62947a44d94363

Filesize: 6KB
MD5: cb35892ac5e2c13db667e9f168f90fa7
SHA1: bca9c58aaaba9ae26d505dec61240c0dcfbc45d7
SHA256: 2d165693a01857b9ed8487d675bfa7860eba139996bfc98a931582085e984883
SHA512: 8a5a618ae679f02cba69d094012232c08c3f669c61ded4663c0c884e1a7f82c716dab563051c86839a3f01918301090932a0b88c2c51bc1b703e3e8f6d6fd415

Filesize: 11KB
MD5: 94a71f4701f98c4c03796abd7e9d97ab
SHA1: 57b4e6ae31828c5a8779932d83d5cb1f52917f46
SHA256: 99f5083a5ba7dd9ff60f61186d92aa7c04bec006767c204fc9029a2fe451bbdd
SHA512: f984b0ab1b8b725bb0c7780da5010b2d6cfcd4bb0c68eaef40e8b7786c7e7d21f9d3b84c4c5f484dcc306fd73ea040c19da6b840ccf750d701f1bc519eebc110

Filesize: 24KB
MD5: 5e62a6848f50c5ca5f19380c1ea38156
SHA1: 1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a
SHA256: 23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488
SHA512: ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 96B
MD5: fd3db314765400700cad8ef5f99b4c68
SHA1: 053056b9e3cb11d11a267d1473a35b0a2a3712a6
SHA256: 359a3e57d52dbf50aa5ca32a43e76fa14c7ab42f4884b4b431137ebc6f9f71ab
SHA512: 70439e0f10eff374fb990b51598660927ea9080fb68d9f6a97829e3695b39dcc703c8b4c351cf5aedc263933a1b92bec26f3921dad6059e6c46f8c402488b8e2

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d7ae.TMP
Filesize: 48B
MD5: 493387d018746d4149f52f5180f966fd
SHA1: befcc9529babd289fbcb175623e132891a823e1e
SHA256: d9d7f58c13829b2185b8cee59074c81206b1f466b9633bdc03690d690ae5ffd2
SHA512: 5a2b447ad9308632bf234d0645cf841addd8e6c53b94d02795ddee73c0f8b1ad35f5c876ca2fe6331d48137f0bab10f0deed1fb1735d947cb7e34d7b2d75bc22

Filesize: 2KB
MD5: 323a476f35c46814fd6a05bc0834c146
SHA1: 7be9a481a53df753325d77069e3d0fede3365f59
SHA256: 45a746ce9fa8e9546156383017e43bb8f388238e901ae6e41c13e410e76b70bd
SHA512: 8d1b77d62842877573892751f23ad4b0ab78a679a669e02a533e7585a739ff54168f5a31ef4997d79c87ad33cc7ddf82363cfbd0088277ee96ca8ea843902c6b

Filesize: 2KB
MD5: fe74111aad93055a07f60c128216eacc
SHA1: aab5bc18134159f31aa9f7a632d26a6dfbb04328
SHA256: ff06b06be56ab6f1c2b60cc6183be3e08db9481943cd7f7cd2ca1fab5d0162bd
SHA512: fd9ccf82e65970d66217e069b1261679db698f52f39b76c0d4327886c7ae39b1b132fa7668b871d9215ed7301bbd33462b4e27ea68207c08ab7a196548fa8c92

Filesize: 2KB
MD5: dfe7fddaf488ede85f9ba2c026d0f399
SHA1: d3f629b7018fbc222d2a45f84263bca2893eb294
SHA256: 398adc4e3bd7c16ca4b4cadfceeb3c1dab03ad9716ed5c8aefab46a7866bd6a5
SHA512: b67c6de8172d116bd1d35fa411378f0ff84133aecbdcd96d85f2cf316376767dbf5658e08bbbaff2ad86b25e504229a71d36690fe8556ae5eff2171925285cf2

Filesize: 538B
MD5: e0230d794cb1a6473b733d08e2070cb4
SHA1: 7af577635e032e80ce929bd12bba45304f695e38
SHA256: c319e28096ba3e310074b1cfa855d4204f0c2d58854fa13cf99db221a5b58e58
SHA512: 72617b4213ea6a82417483c0caf296f3db97344709b530a921e24734df234a85a5508f932fd4ffadf3b5fe1892ea07f526019c71036209e17561cc9e198336b6

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: d3f865963df1babc77d81cc330a75dcc
SHA1: 5044c93168a3ad4459d1c40f364f26a6bfc19652
SHA256: 4d90bae1c9a770a74b48466627b3f53e15b12a9c90147486f432e8ca00dd9443
SHA512: 384a2e16b00a0eae410dbc015d91d8325a9dc19e62055b567862f80489d00b7b3685f986c237c3b176ceaa42d0cd767180f707b993dede3b19aa37fa0023e716