837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9

Resubmissions

18/03/2024, 15:07

240318-shhkqscb9y 8

18/03/2024, 15:03

240318-se9j2scb51 8

Analysis

max time kernel
193s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gx-browser.js
Size

165KB
MD5

e276a501681746b6a8c8a53352ee754d
SHA1

8d1821e0ec5d967e36cb4969763dd3c63e4cc220
SHA256

837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9
SHA512

50fbbc879c24f13c85134d4713a66072eec6b8c37c60452f505fb624b85e94ef28530a2f1118be31936d503e3ab3af20398cab244ce87a056633c70d13afb393
SSDEEP

1536:WasZT/zlXf87fita72252wj+YSLct/xWpmgLODCcsLUazNcpBzaMB20AWiigzzoq:oL8Ly92YwNJ0PzDreFOHDlNDuG

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{6C892A29-98CF-473E-8174-05E990672337}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 59325.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
5108	msedge.exe
5108	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
5372	msedge.exe
5372	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 5096	5108	msedge.exe	101
PID 5108 wrote to memory of 5096	5108	msedge.exe	101
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1296	5108	msedge.exe	102
PID 5108 wrote to memory of 1516	5108	msedge.exe	103
PID 5108 wrote to memory of 1516	5108	msedge.exe	103
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104
PID 5108 wrote to memory of 5036	5108	msedge.exe	104

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\gx-browser.js
1⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9713b46f8,0x7ff9713b4708,0x7ff9713b4718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2756299833111355295,9597865060021421789,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4716d3dbaca38e15819af0e3b5d4d9ac

SHA1
a0024cfc9f0ab35d5d6e8cfb40c07791f1f73bc7

SHA256
41450740a79a59812c0273a97f67faa8fea55b508fce0fab8293be1a8c67d44d

SHA512
25f5b987dc17508d00a8dd6940b39917f539e5d1fbfc682ba547de0a9bcb58de2e59d32997eb2e6498d377f97bdee086fe4e1f70277d7a6a93a81dab12414e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d7a5dda22fdf36389e555a7b6c0423b6

SHA1
501f11f352da75fb4184bf0182e3df6f1da0e8a3

SHA256
4e0136faaafe6d726fb36892816a6a77bf544eec0b90360dfa2cc1b4b524da74

SHA512
bdbcb1f2fe7ead51075c0453d178304610a2730b0e59c2831a3e982d66161a69510b226cf5835aac47a32e2ee923207a60de4c3784e71a5053bcd3eafbe1570e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
587d2cb333e3cd111c53c02b32388ca4

SHA1
aa5051d6643ea08f49366ea0c723d6b864313a0d

SHA256
0cf60741ed92b8755af39da086519d3f40d31d14a7ec44daf8fc7cb74b937fb6

SHA512
09c080b8a25c01b9538762f6e7b907fe7d1fe139dba230856fcaea50918944d6bef88866b01b5057e30eeee79edb2f0f3a5c131b9ff0cf083882c1e0b7b2ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bda6bd6c9e4bb26ecc5f6bcaffc79c23

SHA1
b21eb7a5b80bf706823c22b2980ed75f269a87e2

SHA256
21b716f6e05a56c24864f171e515beb66661d77de9d7468737ebbc773edb8c73

SHA512
605d101dcfcffb89da63704262d296329bae6a9bb90a7f35b11d22cf6f684c4f6ae1fd72a906ca81d82af11703d6efeff2ae1fe6534d802ae4b1c9c483e7543c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
35ac7282dddc1559a4aca445c5a1e3e3

SHA1
234a6ec2a2ba430dc1bb990fd7274c932ff8fd93

SHA256
cebddc830c2f158185d1053357a646e77b4cd6f687710daa1e7b1c4e21e81b0c

SHA512
732178c84870770c93b719b1af26a6c3a541d10ac6310e69c8dcba171f87b699c7ccfe9aa662760db6e588822a64d039654045804ee7679edc4ab4d9050c7921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d94de4b17cc79c8ebc92ba94257b23b

SHA1
2a84f736ab551b448667c37caf2e5e3a6578dd3d

SHA256
ee6356f2dfd297e6e5d6e44cde284b5a811c3617adf88e489edfca6774fe28c8

SHA512
c1aed0d1ed29510f7a459e1e5e0799f3ce37e8495d205fb9c2072b1f8347dfffb1a59d84a2b6f1233dade937237f1ab2bbf6b9ac4ef2579e4d21d089bf8a81b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0c09e4cee3074bdf6da8f29e694168b

SHA1
c87e5540b21f6e4b293c388672b52fba9c082277

SHA256
a9874891268c6ba8fef85c5d23d975aae374014b51af8d137dee2470bf830bc5

SHA512
5b1ff4ef8a57bba6ee1440b06baf37f315dfdf55c88d4bc4ff1bec39a5ab6fee2249038e8fe0cccea95803229a0743313e564e8fff8fdb2254de7a2e2e918fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebb3deb034739b806c993cec81bf5d1d

SHA1
1ff8555799903bd51556fa857bc2deed2f0b70fb

SHA256
70fd180d7409e710f1e7bb1d17f2c9b383bf9b8018d428621ea668562ea8c71b

SHA512
897d76b23f22a0668726fd7fcac883dbb6e30ad3e2fe18a515e4272042af582f25e9e0441e3845c7cc78482ed61c5e2a3bcae88beff15385422ba1f3f5e7c2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
072f230f8f5981284b50d727fca1959b

SHA1
1aee5d1277ed0adb9b6f3bfa24eed03a828ff7db

SHA256
ffb23bb7e91eb6641c246db4df777bd906e276f1b14f5acdddc30b65507a3f75

SHA512
5589368b67a2d872b8865a5719ded306bc926d1dbdcb470e50fd6c0380328008d5867526404b53bfe460a9949411bc3858696456a2c05bc82c05f7c1bcfb2547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
585af99bc87085a8c2c86e8a075496f9

SHA1
b310a477f77e21d0f286a46f04b5de0df306a0af

SHA256
84a798d26a479c70d817572c1533df07a6a64236e612cd02d8d4d17b9152863c

SHA512
ad9116336b37bcb31476758be89735663838da0f80290e3d0aa3e086a936f0786799b006f35225435346c4a0a1e56886aa2434bde00f63d6ba746475340ab6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
348545126eebb7ea03d44a8e0df6bf1d

SHA1
0ecb21c67a2f136fd3676086621fc0fb2ad2dd93

SHA256
6ef0d359b533470a08e6dd62c09bf576467f6e6d90e3753a000ea374da8fecde

SHA512
2b141d3bc6cb2d9b6d403306ed4b3073f31d243c89013216d73607822fc1e54cfc9aa20caad9f8ca21dab2971f279be5ed69e1ecc3182c1d283736a0bc5ae701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5821bc.TMP

Filesize
2KB

MD5
30d2149d1b42e66df4694404012e4f17

SHA1
24857d592d9d3a98b98d808a822768619082d2c8

SHA256
9d46178295dda6befc5cae4b138e0fb7fa8bce2b217b4fb3669351c2e44ebd4d

SHA512
ec7fca23c0fbfa3a61e8258a44110f41b6e1a49156af4c7d8e30635c3a1aad365e1d6e461164301609142a292d17377a1f67fda74b286e22548b1bd6f26c5344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cd4c240dff9915dcfc382bf984e22a9

SHA1
8943415c74cd596b0092300ad6fc03f6b9e6d46e

SHA256
82c2abf4c1749092f1b9d5505a4414b5e8a86620115dffb07b2f8fdf12eab600

SHA512
caadcd15ad9ae6a84a7bb89f456c402a0e78e0bef3cea000f51fc531a90a69540b4aa1aedb11aaa273046d128dc18ba477c673183424737ed248ce24555fae08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fba8ac8dc76f6e85bed350aabd5bde40

SHA1
d15400473377934373c621c86491ae3b653e39ba

SHA256
7263d417268cad969fb798a210c807d12ab48db6f46624ff87174534ec33a0da

SHA512
4d7aacac2291248425b9d14c2ed0ef874973fa98c4d110b979b67691360c7e15a764da3d80ced3df2cf23e2268b1a2cb754e58d466696d6c74179b0594c1932a

Download Submit