Analysis
max time kernel: 299s
max time network: 299s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 30-03-2024 01:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 (sample https://pastebin.com/m63j5p4E, resource win10v2004-20231215-en)
Behavioral task: behavioral2 (sample https://pastebin.com/m63j5p4E, resource android-x86-arm-20240221-en)
Behavioral task: behavioral3 (sample https://pastebin.com/m63j5p4E, resource android-x64-20240221-en)
Behavioral task: behavioral4 (sample https://pastebin.com/m63j5p4E, resource android-x64-arm64-20240221-en)
Behavioral task: behavioral5 (sample https://pastebin.com/m63j5p4E, resource ubuntu1804-amd64-20240226-en)
Behavioral task: behavioral6 (sample https://pastebin.com/m63j5p4E, resource debian9-armhf-20240226-en)
Behavioral task: behavioral7 (sample https://pastebin.com/m63j5p4E, resource debian9-mipsbe-20240226-en)
Behavioral task: behavioral8 (sample https://pastebin.com/m63j5p4E, resource debian9-mipsel-20240226-en)
General
Target: https://pastebin.com/m63j5p4E
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  description        ioc                                                                     process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (distinct entries; repeated rows collapsed):
  pid   process
  3564  msedge.exe
  4004  msedge.exe
  5640  identity_helper.exe
  5768  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (24 IoCs)
  Processes (distinct entries; repeated rows collapsed):
  pid   process
  4004  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (distinct entries; repeated rows collapsed):
  pid   process
  4004  msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (distinct entries; repeated rows collapsed):
  pid   process
  4004  msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (distinct entries; repeated rows collapsed):
  description                      pid   process     target process
  PID 4004 wrote to memory of 3792 4004  msedge.exe  msedge.exe
  PID 4004 wrote to memory of 1108 4004  msedge.exe  msedge.exe
  PID 4004 wrote to memory of 3564 4004  msedge.exe  msedge.exe
  PID 4004 wrote to memory of 4472 4004  msedge.exe  msedge.exe
Processes (indentation shows the process tree depth)
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pastebin.com/m63j5p4E
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7cc46f8,0x7fffd7cc4708,0x7fffd7cc4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12735627568740072596,16335948300663378937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8540 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads