hxxp://what is my location

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://what is my location

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{8D866697-C1F0-441B-B189-926193FF4452}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
3024	msedge.exe
3024	msedge.exe
2892	identity_helper.exe
2892	identity_helper.exe
2004	msedge.exe
2004	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 5040	3024	msedge.exe	89
PID 3024 wrote to memory of 5040	3024	msedge.exe	89
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4636	3024	msedge.exe	90
PID 3024 wrote to memory of 4152	3024	msedge.exe	91
PID 3024 wrote to memory of 4152	3024	msedge.exe	91
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92
PID 3024 wrote to memory of 2248	3024	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://what is my location
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe849146f8,0x7ffe84914708,0x7ffe84914718
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12988540977107955745,3614935911015646520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3aa6c64d-e267-4690-ba4a-94c3f810f41e.tmp

Filesize
6KB

MD5
dca539bd591213286867619c248e509a

SHA1
089ad1babbb97664218a652d0205c7a36182109e

SHA256
d117a5f4146397c62ad7851d05e4c53fdb196081fbdf814716fa2afffad1b45c

SHA512
f1de362c5da7ddc6ed3e07137c82b98176042241471235e500d4a0eab6668adef1da06e6b88beda18fa177c0f566c9f3b52667c7795a2817a4ca355b55719b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
34KB

MD5
02214b097305a8302b21e630fa201576

SHA1
90c2a31521803b73e847f7a3e0cfceec84df9fa5

SHA256
1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4

SHA512
553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
fcb3b79b4ee2a97d69020a59b8d5caee

SHA1
4c8c8dc00b8c71694cdadbfd1fe70358d34a0883

SHA256
36b4ec7a0ae8d3b2f907b88735287ffc68c0c35e472b3c8cc30f49f4387c9f8b

SHA512
7874b3e78d0c0ef2f1f2e417a989550208c20aab398ef9ec800104dc047ec3866863dbbeab379fdbda7643210b03e20d7305a5fb776df88bef72ad89023cb558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
32424676a204f5feeb1c7d939b58abf3

SHA1
ac4d56be399d4a9b58e16af4240d02b55eb742ac

SHA256
3db81f3bf633daa54d7953e9147a4772662521e1c2e9ad22b6328f22453da903

SHA512
4e6ae8805258a9846b9c1c2969d69ea00a97f1e6a53d84e3f3871f570aa5d88697f8c323d139ff94c82f330a0cf663fe13670a5777d1b6df7d99529d4995edcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
88fe0e5800ee866a6b36f9f69ab969fc

SHA1
f52265eaec2017ccbd5d77b3b2161099abf21ee5

SHA256
b57716f490bc44791208e563e0d00327eaf3a60c4e9eb87c2eb5cdba6a5a9d91

SHA512
246a866cc13e6f5d771378effe41210dbbf645b735012912d361e50f63067e6ab8a9635db74e668ccb59ee23e1cbf757c452085ba1f47aaaf72421a7fd201253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
03d86d26de9131273c58c25e30f75dbf

SHA1
ce3742950ca7fcec2cdc005ea84cc84f33e5f544

SHA256
aa80829033cb367f97e0a383f63ecc0e4490d3c3540aa4dad4442dd0885db314

SHA512
d5e656ce41d213fe3690db2842ab322c441a9b37783fc618f861262cb4eb5083e1cc9037f810ae08de0ad41404ff5379d8a759d6883dc8782ca341b65dcacd9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
abf734663f8311ba1e0667f372e0218c

SHA1
4a24fd29de1dac17a0015d3460bcfc20073afeaf

SHA256
fc444491d7c51e2a87c2e1f2ca3c16d5861d022a5f9b46bc444f8fa054825b09

SHA512
daf791fe8ccaa458e400de2bcf2ed199dcdb8fffa9092df560e7daaf6aaac59474ad3d66715f4c3ec50175971afac080b2eceb11be5fcf49e5317138a3b5de72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fb666709bb08aa88f3f3594fd3b55323

SHA1
dbe6645482ce8e0a835864d7765e5179bbe0884f

SHA256
0d9b3b87ba350bec5ade5be899bcc6529349bb6bda964d564d535338dab09f94

SHA512
4a6deaddf9719620ccfff71a241c81cb35b40430715f680f27f5f2b21c3d3dd93eefaeaf697cbb6f2440ae0b45f5edea6c0767c3337da61a5fb53ec0748d526b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5411724b7e52b9b182586147c93fb138

SHA1
4732a03b965a07090dca8a17c1ee14214930916b

SHA256
09d0ca3ef95a264d2eed75ff7ef53dbaa3ae1977688206a9e5473a668b44de37

SHA512
d4b773b895e7f961d0ffa9ccbe9c77aff3e3e4f9ade8fa77e9e4d82512e60f263f40d21b7be1f2f12baa58ee7ba2f97087d128479f905f12231089c613b65ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d35b934a0d3e55fcc27943a0073b9340

SHA1
121405c19a90f7788955098c1e0605ae985c5cf1

SHA256
359aaa4e339e92f520bb4f1c14a85ca8251d1c2c96154905117cd5cacea0b581

SHA512
ad4eacceba53a559ce6fb391793e2c7ee163cc2635c4f653fc656ac4f8059003fa5068677ccdda751fc75ce04c283025e64d1aa299a8c68eef9aa410074e2c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9962f3d84752a52b05859e0923fa2d5

SHA1
882f199c339ace2ece9c918f37e082d2aedca419

SHA256
864a3385f0b263722b5a126180518d1e2248fd4772ef7c0e2356ab9f41602530

SHA512
649341932cf6651ca1ffa40fcd2f3468126c7f5c31a0ba8e5d227abfdc4e3a6ae80779d3366ac0fc2878231844c4a83f9774e6de1c8f578701c6445c5207e8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\31e1bf05-8e35-4e45-9e66-a7a5d816ccbf\index-dir\the-real-index

Filesize
72B

MD5
bc7413b5e4ab61139252a3b087ba53f9

SHA1
07b681ced3cc1b7da6f2db45836c5a851264da68

SHA256
43a7f28e734641ed496c8a7e6829df13a65c8eaa19c03a948665a741f7aaff7e

SHA512
b561b81f787c23ff897d0fbd6d9da1071249af5d02ab11db2f38da278f84f696dd250ffb54779d94ebc1d313cd99cee6c90ef137f8b68469d8f733c7d7675119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\31e1bf05-8e35-4e45-9e66-a7a5d816ccbf\index-dir\the-real-index~RFe586963.TMP

Filesize
48B

MD5
f8f4af0fe05fe04cda1ef9cd0c264833

SHA1
c2f45f753352edd5df3e1a896bd5d0054dfa9950

SHA256
ea7bf7548ad2377805b0c04913fb3821469f46e8e3cd1de3ce1b95daedf5e7a4

SHA512
32a777b3f986841461991beaa00523b927016cecd38af46f6e5ee3edfe1206798c79cc394b7ea7f9ccff3eef6c95bfca74c6dedd8616ca68b11389a90457d9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
92B

MD5
b974579daca13d6f421ce679c071f6f2

SHA1
f7070c8b84f3d5aa0b78f59d09eae61f47931875

SHA256
70705ba952056bc8dde5364ea3c581e2f2b78431e7541a0e9b29620d64358719

SHA512
2d68d4f899cdb309d9b9f53df9b37cdc90f574d26375cf47c3a065487aaf645f6665a351bda7e5ac53626d503b1ec1627a233017f497a55487f071a849e37d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
86B

MD5
25682b00d2ffd8ad3c6fc62822227131

SHA1
55d38b138e130ea8f621f6bbccc0088234cad816

SHA256
f276625611197a67b63ded099f7875a2a6e9bbde263e8824e14effecdce16937

SHA512
649a4c429bd179e219c36e67e0bca8fc80f55fb1ea006a5e73c23ab262fe087d1cf5ca5022c54bab5048306e5b16cb96c32d92eea0ed530acb52fb786d726399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2cb4a4f8502770e5a55ab93cfcb9a426

SHA1
bcb9a275cee9ec9a4b939a774ca73ad5a424104c

SHA256
94a1c99240e87ed6f5521a40add863bd6a6b3e9cfa977aa04b138a058120dba2

SHA512
6f91654b572fbf4cecf1a5c6ba2672a16aa35c53aefb4f347cae5e78396a6f5db11496eeae83b70128e5ca7533a74e41e201eb1fd596a5a02651dfe9a432e056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5868b8.TMP

Filesize
48B

MD5
9de4fd8d6ea675706bcca4aac15bbfc3

SHA1
31bbde61dc37bcf2ec93dbf0a812277bd1b0bd71

SHA256
58a016f9a32d84b2c636f4359f6d0a12b616694fb331ed6b84f769ffc664490d

SHA512
58570c57210f4d9b69637bea9193271053b2a66e9268e44c965030e0157007d1e18f63b33dfaae393f3f529a6855edad17cab826bd639fbd203427ef1dd202bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac91967e4c156f02fe98ae785f1ea968

SHA1
702457a909aa125aa01764a69b084b9cd71cba19

SHA256
40e24ba8bdbb870e97b28cd7004d2560e6b1db3eeba024fc280bbfdb51161535

SHA512
678b780ab83e359af279b5436673c8c09bc7b1fcc95b694a90083beca6f131da8f01721601a3e0377940346a7e9de5e3faff17327c207d2cebae35916dfbf0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16cb18aff45f228ffa5bd978bf6c266e

SHA1
14371fe4b5f4cd55dc935bf3cc86a2cc4ecd92c4

SHA256
d7ca8342e34f2fc5a85229efda73262643cd49e14c3640198227f138aff0a97c

SHA512
5db4b50192ce26d4770db8890bb55e6c1229782d0b81b0ffbbd10e94ae4c5b487aa040e88fcc0f73f27a6d12283486cde37d87eb33f68f007391f72b98519df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a6cf.TMP

Filesize
370B

MD5
90bcd7c43d33293509b7ac6c487da0bb

SHA1
8cde18e5bc98fa6a32f07a035a6cb5b973d2c1e8

SHA256
2567db08ef9fcb56d7cf7400bf3509ad8f78632c5056b0b88067e0ecd69df0a7

SHA512
9e1b1a80e52af3128fbf02774398ef02405165bd7a2a9c7c2c29905313f670645c771b0fcbadb28b81771d41d16a47cde384b8f63ff7a7af2c079ddcbd05bce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
165196db94b63365928acb9bd9d547c9

SHA1
696424a473c929894d2fe9b9130287f333e0d456

SHA256
bde7b9a46ea30cf7d8cf0260ecc7a25e0d06bdff546e725cc8cc723e63183fb5

SHA512
d513238f72bfe4e0b28ea76f7750e41f84f3697d33f63cce0c9058345637887282fda309a5c467b3b66834199cfce6887f8000ba94b179aa71c19bceb7f81e9c

Download Submit