hxxps://www[.]mediafire[.]com/file/fv9veoyx2lf2x66/GX_Image_Logger[.]zip/file

Resubmissions

26/03/2024, 10:35

240326-mm4e4sbb2x 10

26/03/2024, 10:32

240326-mla26sba7v 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/fv9veoyx2lf2x66/GX_Image_Logger.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3664	msedge.exe
3664	msedge.exe
5592	identity_helper.exe
5592	identity_helper.exe
6644	msedge.exe
6644	msedge.exe
5556	msedge.exe
5556	msedge.exe
5556	msedge.exe
5556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4572	3664	msedge.exe	88
PID 3664 wrote to memory of 4572	3664	msedge.exe	88
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 812	3664	msedge.exe	89
PID 3664 wrote to memory of 3648	3664	msedge.exe	90
PID 3664 wrote to memory of 3648	3664	msedge.exe	90
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91
PID 3664 wrote to memory of 2276	3664	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/fv9veoyx2lf2x66/GX_Image_Logger.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88c0146f8,0x7ff88c014708,0x7ff88c014718
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8652 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8360 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17627014706280448875,12054883109544116356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
23dce1e7d9fd6ce1695d9212e5879e37

SHA1
e45339808929626218387c29f0e4b94762699e38

SHA256
e89ac7b721e3f4e4a7a9957aa67c140b720666988685ad28ee5e733ef149cb4b

SHA512
a4e4a2307e7aad67ec06f313c5948fa082d0cbf7c8c323d260abfd7a9da038105c58ce854dcdd60bbd4126b9f787771bf6240ebf634b245bdcd2056ae30ed4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
57KB

MD5
582342b7f32ed6e5bd3103cebf2d251d

SHA1
1269f027e9caaf94975881e47f704d7d19b735fd

SHA256
a362d138e1dab9c7381b1db35d0787e37c314973f3cfbc73f4f6955fbca79b2e

SHA512
936702cc06be2f06bd61e006d56b181effd591c25475a12fd5797471f61a921a868f9acd0f82ed494542276c9c4088abd9889de51fb19f52a5abde735e5930b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
cdc8eebc5968b93310be705973258f07

SHA1
9330a2fdd0c76768176dfc208e575a0f14e9c8c4

SHA256
caf19c50017498e002e2db63f5f69ed0df35b84831b6faae80c6c7272fdf88d4

SHA512
2cce3b115f4e0115c21f9790320b41f2715d550793cf8d65e462758cb16371ff063a330ab1291a1adcba6a63b994a32b476ff95b14eb88052455952f6f223fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
62KB

MD5
aa41473732f30d3b58deb7b994624a04

SHA1
785555553919d805666b4b135ee0cb79b3aea51e

SHA256
7a3ce70f6a14dbcffeb2aeddc3f22dad500abaa0d18b387e4930e36bae09ed51

SHA512
00bc19d8266aca5de6b551551d8baf8f537b8e5784566109cd9c24cc6463a652ef7d1466588e0401a7d52c226647454e5f992c4581b2166811294091e3040af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
1024KB

MD5
bcb031ef1397a8791135935f10c40aa9

SHA1
5b85c5c7d5760b43136e87d00b304291957e03f4

SHA256
b9bfc1984331821b997378569b061f27b6ba1c6218d2668bcfeebb2353499c81

SHA512
316bc97e1132f3fc2b5803c953a24d73962ada6213ac7483c43c9a0321e1565bf9aa2f3842b04650fa903888e5f3a2de63f3bb9fa145529421777bca07b5157d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
24KB

MD5
ade7c67086ec296894094a74fd918d7f

SHA1
a047100b5de0521c2667591d11d090dc1a34b9c4

SHA256
d60b1a53615a2728d7e5cd29ca5c7e3ed981b67a6a48a2f97541df1079778d9e

SHA512
2deb11aae78f63cd8f481c2cceecf5dd5dec1a840bd4f151cdb7475df4124fcd8d68981df6fdd253c0f937e98db1a1bde95ef0428e30b3626909aa262b54f4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7c4eef02ff7ed9d859e569ee218db025

SHA1
02e877715d63ce0e7aab387a68fb731b5b6dadb0

SHA256
35fd7c23065b4921b6b8e1164b509364b29a1adbe045a444b46bbf7137b85f0f

SHA512
e63cf7e5d2fcc1ce7201ea1872743b598d31622bf5bde93ddc531649732d748759ad3dcd86639e7af346e487c214eb02ba5a4150e91577889df0cf9e4373d27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
1126a69e2317092cbfd7e5a3f8f03a04

SHA1
cab7d37f8835cb1a790f151b6732cca2414c2310

SHA256
2ed6c7e6082c4b576922077406e38218f24332843c7c7799faeef5daaf865465

SHA512
41195dca2a06b942b3fecedfea68fced302eef6c1a98ff8f4a40d9ed9ac84cd5451d41228a8935a516e1fe92a9fd4435e505fb810ca68eaa3759b55a87afe40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
061493fabdf97617e346cc210cf8163a

SHA1
ad5294a939ff291c0882c5a01d0495db9f7bf625

SHA256
2898b5f21cf98664d50cbf42c1118d54beb2c90adbd350a5cfa2a7ffab16adbf

SHA512
1e5e81c477ad14a3004640b72807745b844c7df5661ba030733a429b036255a58980d7015e87e34c4cefe9bfa6752a8a507b643b5c4bfae0bfd435ebc1779465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56d69c0cce6e50a5e2a23f6ba5035c86

SHA1
32851a8ccba8587c9a278e6133441f1dd3d18ec1

SHA256
786486f4e8331b3ed3c0b91f9feca310d2e6b1ac46f9930946e7b6511903c3e9

SHA512
825503416b7ff4a68305a078f767ab6e600b7f6cde10df9f4e0623ee3b3b172095b6432326e2ff3a7becfcf1afd6db511d265a698c49560b7b88cb61efcce136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
91e1d0aaf5107112d694d86abb6f24e6

SHA1
6968b74f882cd08a96bc3e69bb6d89bafbc6a285

SHA256
862f6457561aecfd1aab75cef8e9adfe50244734d07b5aee59c310c25529c692

SHA512
1b4d891494c4012aebcb4edc1d1d464a13702d6803df08f3646a427855db065e5630fe8960051c5c62ba164ca660ca1004fa6bbb12b240a32f90af32fb923e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a18762c4eb5e4be7e85986c14dd74b01

SHA1
b731463040b7a2dfc49fbf8d67e9c459920088c4

SHA256
76677aba032a350421c9e1d50e058a99646338d7a251d5c680061dea8163b0e0

SHA512
e20d71c778619ed90640a8431635533908f95744a208583cb773a6a276f469f2f44fc387752e336b37adb05d2bf8a511d97bfa82ed57ded0ead0a26dc13f125b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a698b8ce0425441a6d6fc4cfeef1c0db

SHA1
63787d20424a2fa58b3efab2899a8e2ae058920e

SHA256
dc8c6be7eb48dc701ce556b4fe0b8e228ef3e3a62b82ca36f3c12f53f9887456

SHA512
79bff86612fe8610b23a9681a34e253f4164bfd212bbec7094fa8839e67882733ad4dd700ff9b5ddd8785bd7b45c7725fdfa05fe71c50db21ba4a005b7b6218a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a62238e912aced4fdf91e4d5863f119d

SHA1
0a526dbc7e9ba6975941e9172ff9ea0186cbd540

SHA256
e4e506993487dc5cfa7d917a47f3f5ef93bd358baf7b5eef64bbbed2694644a9

SHA512
1112f2e81d68a6b1dc50bcf08cdca4b26da145c968906d08d5eb51464c3140205f301d1cd32683ea6e8e813e4dca213f6c98418d4e1c281e568815534e00f024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d36648b5322062ee70ae49cfef7950c1

SHA1
f147ed8cc409eb3f689f3d3b5eb9e199990a29fe

SHA256
bf7a152305c6f1cb6c977ff04a10a41be3b8caecf4d1ac80fae575d59b07e479

SHA512
961df9d56c2d0a9c542b0fd551ec777c3c89532ee11453877cfc9290696ea91867f3720aed975b706b944ea8c00bf8658195b0de6eb972a0d23b4349d7a6d88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ea207ee73d6739465ad1528e579abba8

SHA1
4adad817f24a9cf71fe44a5332e250a0e66bb3e0

SHA256
13a1b3b115099b5478b4752028c670d5907b594ad220f3ec74703404776b4de9

SHA512
0019817b9c4c5455dc56b8b12fc4a31f5c3c8324accd2350cbbaaf6f77a179209a65fb53f86eb5ee9c11010653b9cd0eb51a28dccf6ca6edeba0b9653faa1e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae60.TMP

Filesize
2KB

MD5
2adac86d85e912a2f587c77ee6956ba5

SHA1
596131bf23ad692e607c324a692f71e9bd858f5f

SHA256
532d0cab15f0f14500a8336675777f3c83f95da0594649d48592d076f6505643

SHA512
ea6a7bb69dce5b04c90fef95d6c3ab0ff2083bc669b3a1222f6736b30dade33d91a8f4f81efe48c61e87207996ba4aa00a42e6b879962b16e9b0ce787131f92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c0c61b4c2dd5fc3f21b5769d8cda4af

SHA1
2242ffb7857263ead03a16e4a9162bb6136e4fa5

SHA256
b34ff833d49c8a9381a9c832b2d8fdc43f5a340df0cbadaf933a37ef119597f8

SHA512
a733f63da5413c1ed500381136ab3437863499249427bab148e8c61f34078566be7710b025649b549ca4e078fc1da68e61dc059963f7f215472372223f34991a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7dbb388b07c2eb1d1edd7d0c7f32deb

SHA1
47cffe74782e73e4df6bb2bb1ff8b4c2300d7622

SHA256
0c50eddff5aa5105df266b6e22d23f64a782daee0ed4c8a53e2834962ce33e39

SHA512
c62f222b5a2a830750e2f205bdebfba694dcfe3f02ea525dfa00a09993b536eb1c15ee2f8c4fc3b2a354e84551e86607ab335f897d18c4a12fc45d5c6103a981

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 87073.crdownload

Filesize
1.5MB

MD5
9fd4b6e32f2c2de8c0790cfeb7694d35

SHA1
7509e1baa38c1dddb7f2f497c25932f5ef385110

SHA256
8217ca3a15d48963bf39e35f6ebcc1ddecf7aafa633d8b27f4859df3f486994c

SHA512
bc747269d74c99451d35b4c0e7a983faab42efe8d27c0de2e96e5e30fd5a820681d29a0bbe469479888eafa723d18d499aae7d59105352c4cbc672af14bdacf6

Download Submit