hxxps://cdn[.]discordapp[.]com/attachments/1206061842036817953/1227054460434513920/73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D[.]HEIC?ex=66270284&is=66148d84&hm=f3840a051d414adf3b7b273322f55a789058706d75f846e3f998604f075dac6c&

Analysis

max time kernel
272s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1206061842036817953/1227054460434513920/73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D.HEIC?ex=66270284&is=66148d84&hm=f3840a051d414adf3b7b273322f55a789058706d75f846e3f998604f075dac6c&

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1504_1926405941\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1504_909686824\_locales\ta\messages.json	msedge.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b3a38ce0bd68da0107bed1a1c768da01a58810a1178ada0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{639597B8-CC89-48A1-A5A5-5A5B8B83B330}	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{8684A6E1-5AF9-4881-A116-666F3E14C6DE}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{00BAC272-1271-489D-93BA-0398473442D0}	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{4DD4113B-51D6-4FFF-83F2-6D642BD7F2E7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{60D0DEE8-A0D5-44FA-AAEC-22DE9B7B89C5}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3056	mspaint.exe
4368	mspaint.exe
3056	mspaint.exe
4368	mspaint.exe
1504	msedge.exe
1504	msedge.exe
6012	msedge.exe
6012	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4844	OpenWith.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	firefox.exe
Token: SeDebugPrivilege	2288	firefox.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2288	firefox.exe
2288	firefox.exe
2288	firefox.exe
2288	firefox.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2288	firefox.exe
2288	firefox.exe
2288	firefox.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4844	OpenWith.exe
4844	OpenWith.exe
4844	OpenWith.exe
4844	OpenWith.exe
4844	OpenWith.exe
4844	OpenWith.exe
4844	OpenWith.exe
3056	mspaint.exe
4368	mspaint.exe
3056	mspaint.exe
4368	mspaint.exe
3056	mspaint.exe
3056	mspaint.exe
4368	mspaint.exe
4368	mspaint.exe
2288	firefox.exe
3768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4368	4844	OpenWith.exe	118
PID 4844 wrote to memory of 4368	4844	OpenWith.exe	118
PID 1504 wrote to memory of 4932	1504	msedge.exe	129
PID 1504 wrote to memory of 4932	1504	msedge.exe	129
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 4328	1504	msedge.exe	130
PID 1504 wrote to memory of 1176	1504	msedge.exe	131
PID 1504 wrote to memory of 1176	1504	msedge.exe	131
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132
PID 1504 wrote to memory of 1704	1504	msedge.exe	132

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1206061842036817953/1227054460434513920/73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D.HEIC?ex=66270284&is=66148d84&hm=f3840a051d414adf3b7b273322f55a789058706d75f846e3f998604f075dac6c&
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4040 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5108 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=560 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5936 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5624 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5272 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6260 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6384 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:3596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D.HEIC"
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5352 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6780 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6888 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6836 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5652 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
1⤵
PID:2308

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D.HEIC"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:5088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x238,0x214,0x7ffa2d402e98,0x7ffa2d402ea4,0x7ffa2d402eb0
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2224 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2260 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2516 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4384 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4384 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4640 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4028 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4796 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4808 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4464 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4804 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4448 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5036 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5524 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5996 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6136 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5040 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3600 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4008 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5108 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5060 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5000 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6300 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5928 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6708 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6960 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=7112 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6032 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  - Modifies registry class
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7100 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6720 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7512 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7648 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7632 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7752 --field-trial-handle=2228,i,12483840252968385524,8021886572446077968,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.0.2044156868\2064304951" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ded90da-89a5-4bf7-a28e-441a6fd1e13d} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 2024 14eb6ada158 gpu
    3⤵
    PID:2340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.1.341874060\1450958922" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2368 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {974400ae-acfc-4cb4-840f-55c1a630bc2f} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 2408 14eb69fa558 socket
    3⤵
    - Checks processor information in registry
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.2.435809487\1361642560" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {249d6ca8-ec35-40b1-a7b3-bcd55ff7da47} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 3116 14eb6a5ea58 tab
    3⤵
    PID:3012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.3.1603926812\682684946" -childID 2 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2491f4d3-6db3-40e0-8d99-a7ea107f2166} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 3844 14ebafaea58 tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.4.259036451\310118773" -childID 3 -isForBrowser -prefsHandle 4272 -prefMapHandle 4268 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2aab34b-92fe-4c22-87c0-de78cc447a50} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 4284 14ebbe7b258 tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.5.1228339167\1082952271" -childID 4 -isForBrowser -prefsHandle 1784 -prefMapHandle 4996 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2b2672c-7068-439f-b958-22e019a10137} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 5132 14eb95ee058 tab
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.6.359295154\1141444026" -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {548dae76-9e51-4e22-b222-e1eea00b5904} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 4648 14ebd298358 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.7.731054503\115885628" -childID 6 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2536cf59-dafd-47fc-b1e2-504feff50c91} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 5452 14ebd296258 tab
    3⤵
    PID:5744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2288.8.280463561\1876184942" -childID 7 -isForBrowser -prefsHandle 5796 -prefMapHandle 5792 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa93e6fb-67e8-4ea6-8a25-4936a562a2c5} 2288 "\\.\pipe\gecko-crash-server-pipe.2288" 5804 14eb95edd58 tab
    3⤵
    PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\798dd931-6b98-48d3-9427-20222247406e.tmp

Filesize
52KB

MD5
1750a4d0258ffa1ab3520908eea0f920

SHA1
ad8089edd5b3c69d5c702cf70f0115b7751377ae

SHA256
b485e97b4f749245a46970ceea5694f1f2fc1d83ddd48f7bf48d864082ce96a8

SHA512
9b3673dd839947be9a614f34bbd7496cc26ce26b924c77fb90a361525eea99a131cf800c22409f3e925479da652d825be56080a67f2d133d53db3d01dc3853f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5650bb26-e21a-4c21-abc5-852189c91db4.dmp

Filesize
11.6MB

MD5
c9224eb1c1a6a9f1758d35bb834ca30d

SHA1
8a2421159d6a7b23eb068ab8646c866112dc8658

SHA256
d0833e5f4ed435c8bc7a1fda05a78534b416bcd0fcd8a274720db63ba4bd365b

SHA512
ab09c40424448b887c4dc11498c0716ff71d033f05d34a958939ba0fddd6e31f844f3fc4d24cd6f58bfa49cab7e530f7050eed891310cc6950fe0cde7c713659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
59f7267b3c6bdff290d947d11335ce85

SHA1
83b34389db3067b588e48c7f19d105e83aac4891

SHA256
630e25f02a296a535038235d45af789842c249e9f3ecc49fd1370a94e44fe547

SHA512
276e467b6e7031ed287610f85acef98f92ea0eb6f639621e44d2d83266b691e5b368e9468a1860868b444c4e90ace53525f65fe99d640eee802fa7722bf9ecbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
889cabb3ec4240ef8bf3b7c0ceaf49c7

SHA1
8fbb89b137dc77f9ced820b7d02a0e6232875942

SHA256
d5805065d46c45ba3fee6024b2bed1cbe5f9a4e1f031575c7631e14028994bfd

SHA512
96089dad8bd7f24d290b4ae78ff640c50ac3937308e226ba12ce4d69b52e2b3c5baf979e10842c902c1524dd449f05d6bd7c59c52f17a150cce663b12f3bcd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2c08e9527ef41af8751ee0f55f40c7ef

SHA1
90830f1b33685d22ec87146d15171a5a9d88c23f

SHA256
281f1dbca91ca302891999d833d551bfe52856143af9dd0503349c7be59a1b77

SHA512
5ac28efafe1c737d1df4b9883bf466fe12345ebc33a5daa53e5e73dbbfd544580af4c96a94cad61ebb705f2bfbbbc1314557b66e859e2b090bfdff795da82c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8cb0e7bbd5f9a93c43f3ca3e1314c23a

SHA1
0bc1a97ab28ad74b489e6fc282f074ec96ebe564

SHA256
214771a3153d7a4585f20673bf2ee7ce75d8169f5cdf8801532a3d3388e5dda0

SHA512
5e14211f305908d5c00a7d9096e9adcb169f33cd464408e81989b8071dbdc114fccb098852dfaa89b8a443fea60860ad7eb034d3aa7916c0826f3706c012ca0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eb5baee9a37b4743d77ea1575613d9e2

SHA1
6f58ca26cf30a9040b686e21915a276579a7c5a5

SHA256
01e17d2ed12daf5ce0e36154d8171f3904ed601a54f0bab266049c5a46ff52d6

SHA512
35208f643ac510bab7cac5c03b5016797e6d3eff5b78c9740a1b6e9a54a4d1551d8f5eceec48d30939c17edcb704e0b0cc221e411a3a5226e557e182c0339c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
205B

MD5
b168fcfc7c29fa65f832e1ae45711406

SHA1
251ad5ae9e65dd920f7a999806af3c8f8d31ff9f

SHA256
17afd00b9138824cec817aadeb2d026a6c13a0034d9e8da8e9cf7ffbb147b568

SHA512
8a4587fe9ddc54d055c6a1f0bf3446b213f0686728732a88690f0b0b6e5b0e6481572a683b378ab0c618186dd95075c6b484d63f4ee5aa4a360b0ee96e79341a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffe3488689b68943cdfd3a5e8a404c2c

SHA1
22d959b0796bcab6df3ceb76ae89eba4437c39a5

SHA256
8ae79f1c62c2d570a1f2bad568aefe81f58eb5399a0280cf0f008aba37a10d27

SHA512
897eef8cfe3ce0a2d1889bede1883cef05b53b308882493f0527eafd4b732468d2114929fccd7d2e2c21a8a82b9cd1a1862c1a908166f382ca1c7e20a4595e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
509B

MD5
5b218bfbfbd7755873871f6eadaeb757

SHA1
53102212aaf6707a62197e437fbdcbb01ca32f91

SHA256
01b4fbf91bfb65845f8288b39533f7f765051690405ea36c2abafca08a7e894b

SHA512
6bcce3d784a5688f4257e245f84369d9a4748f640e4ab9fa9ee71f7f84af3052912ce6e37e3544121e0300ad4b35389cb6f5592f69b9f9e8bdb979967ead863e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3644eb9770d8fc92b710627ae39e8da3

SHA1
f6820c8e1e4b7e00b36bec94357f1ee25ae42c47

SHA256
b1ef903a5d292b9d8b022269ae04f616e3fd7eaedfb547446f5e91658b9c320f

SHA512
2aabff9cbbc91bad0c6c4016e6c590958a9ba699bc35cbc212bbde2c9fcd9f95da83d805d0c36d262bc96bbdad4b3450fd98d9303f994c23f23ab7a569214b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2028af9e3ba0c6c9d06949131de179f7

SHA1
d31ca037e1a0874854232913038b2552f2ac486d

SHA256
ad0e94b79c28a4ae0470da932147ee7c766d45629ca580180aeba3964e7d3173

SHA512
5d76812d4a348bb2468e29ec702571107670261efc9f25dadb92e09832d3ce7935a928b771186d0cc4c952208f864708e3db8d9aa783371a447799e5019e04ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
21db010100d77d68ab96ef4c2a27dd03

SHA1
8b7b3c4ea1c96a6f2519c655c580ded6aef9c8d6

SHA256
ae031ec198d80530e3caeeebc286539d96b4d931efd440437f33e47f5898d82f

SHA512
f7f1374f7c6d954fd3c10420ef8a58ee6ec37307d8282c25018477d3765d04785cea10ebb5e8618dbf87cca50f2375330402791e1abdf51340d8f7b8a9052261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6798d9f719bccd9815913ebfe44e32d8

SHA1
1c93bed8f9a27e014ba48c5a93d570a34dd26591

SHA256
caac4389868c4e980fac34e7429cae9f6d6c28d6d76d9aac833073549ab3302a

SHA512
cf064e2ca8cde9b4f63094adf6983bd36b67d92faf3d4c7126bab38d620713cf4596dc4c26c28ef317036dd198e3e5a2a58d5d539d3b68ef9592babb44900b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8cb920b58165242718dfa5a7f4d982f3

SHA1
15203acaec65d246c36b2b7b2922e0a4295ec83c

SHA256
d7d2dc383a3f05c49d7b029b83f5c1c49bfe331ea6e42a0765e3f35615a6fdb1

SHA512
7b0a5c833bcc83c8843be9ffb1ceba08b35fa1917edf1787054f9d3b1f5077bade974768cb954ae4ecac1eb0f0111b0f85ea898ead209d8c0e3aed54a4d9d6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e53bbb4685912367fb288a1991d79fc2

SHA1
d7ad4c66727171a6c3b9161c256204e57d67a4fb

SHA256
bf41d4296c6291c4f2df0da772c6d3c9b5f7c6ce29e28fe078febfa1c8479205

SHA512
e55e31116d0d1dc27f7903908b933166937a3ed39ff621835a4d4ecd97ce7a8c7a3bfe5baaf843ca985ac36ea18b3a1e8b17676d25c0351e5e0a441b2a34137b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
fb8cc3f4a56bfe18d38ecb185b8cbeba

SHA1
e80fdea0163a403f95e7f7b3a6e5173aa1f8f88f

SHA256
550a87c82eb108138f357fe05e93472147968236008cfd8207d95bd10fff3dd3

SHA512
e6481f0be52fe2e611b835999641a085ee44215fe4edac6fa1a323b7c7b1d1add529640ef6576ee5dba2b828da7200a6e7a34e6a9b349104fafab6cb35566b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
b37c9ebdc06bcd2b9301f300eac425b4

SHA1
97dcc7dd53a761d6b45d84162138370634f8a74c

SHA256
d6250d3ff1b31c791ac3b7009f822cf359250b6d3e5623815fdb696a7991f06f

SHA512
dad7ac5d7594dc3b2ba793968928aeb9a04a3ab86c29dfbc0d7a6e7d6b5393872601af905adeca08e5875ce670704e43e4578da49eb3264a6c674320c845b411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
be20102c5458245be33841811c681e50

SHA1
a64fba5f7288c7a5a1cf78ce4ee572dc4d55fe93

SHA256
93b14f60c349eccd152257c134cf89acd094866e63191765c82118f89445f6a8

SHA512
ceb437918b0ca44d94c68fbdaae198f16fa2135c546515f82acd7cbeff505f8dcc35111fc96bc3f6befecb034c43c9bf1253ab3f6944580a0fd6d1444208577a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
52KB

MD5
22c87ffea90717080ea178a2f79fd82c

SHA1
52e27a675f1c7a3c2bbe7a3076055997a8bca2d5

SHA256
9a3df64bd61119e6d0b4a1f35e4f4daa3e12884ebb7b53cb3327615a47b33406

SHA512
3fd34de91c4b0e3814cfe830dbc48bb5238dfec05ca8832726b7d472e675510ce9ad0316afa6f60b046ad77078adf022730b6ac62815d801f753005c52cf756e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
03d17270e4efee3acf27457c3dd748da

SHA1
2e55e227b97f48198fd8414fcbd45540dda12c43

SHA256
78162b7ce6faaf8d8234316a1cc300797463697ef6e8eec7b8751fc8892e48c6

SHA512
eff0f3db8432fa24c6d8fa5a6f226b04a046aaee1121143053e4d9559ae7fcd2301de36aeb7bee8e29fb512350565d57af68029ec51e7ba02a761210dc04954e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b8340bcb8811a3f000fa105f6e0fa310

SHA1
6b8734e523b54e5e28baa011a31431a65654c331

SHA256
ad048bd3c1ba03bdad33f6ce66fbcda316a399e7daef0923745db5819a6c28a5

SHA512
bee36eb48cb5538b0bbd6d36625db24d33c718e50aa2a0c141f9f2529e13b7ef8035ed9293b7402742d929a59bd0f358db1615ffdadd3c93007cd4bfdf7dbd63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\BA7BBDE965386E539F5175725823D082A7D47CA9

Filesize
207KB

MD5
3536fe8c566fe4de04b86a90befd865d

SHA1
99a9484054b1a65c1da5830e915ce674b38be48e

SHA256
68a9eeaff148019da5b1f34bce487cc48029b0e5b281779569ceb1c6055247d7

SHA512
9b9eb04630cb14e252a0d263cc6833fc6940812a46251c72dc7aab4a855320f197781e1c8e2a7235705636b99d99360536d3d2f0a9e9c62825ae1ae74af71881

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e0d9229-d39e-48e6-b79a-c0faaae6b430.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
0aeb128079f7e6dd4b54e99db716aa30

SHA1
e89b7f52e6e87c083542dbc87bfe8f12dcc13240

SHA256
7595cb67371e24a115639d53d6501bea36ae201c4910609fe2f0edf4f73cea1e

SHA512
763abefd02c783e63a1c49bb667bf233338df157c05b3a351ff2ddd0b17474176f4b775bbec63be9f37c0c58571313d32df2f7fc394c214bc1f0bd878c4f4288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\bbee95a0-9786-47cc-a3fd-5fde5be875f8

Filesize
734B

MD5
32515da79a93c3b4d5024e8818cc00a6

SHA1
6b54d272ffa1911b942b267c20d8e35cf9c23c3a

SHA256
ecdb011e1a5ce67066a533551a7018060db7983435b11d39a66dfe42f43e8d62

SHA512
8afac6c44b76906408fb5055cdc33735ba426be883a0e13b8d40c2ddb14d1da76656b492705165c19b3161b4b7153fd237c036dbf8c89d8edd6a0cbfe94b0b00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
76aa3c1ee1f02e1953424f84e3705e2d

SHA1
ad357060fa099d81ad8a9102d11f81bc0b619406

SHA256
f304f0aaff969932cd4be135866567934212caa479453d9f20ec2eb4d7fdd1d2

SHA512
ea663d52d8a209907a51855a37cbf472530229392621b7c9cb6a82497a0742e5842b299c8346fb5c009fda98252837b3c08efe10b2cd25faf4393c46d29b9207

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0865de77be57479ef674c1231a446a48

SHA1
80c09630783692806d7b2841801ca96999e74d5d

SHA256
28dca62b7c7730976f31de91345c9b783544f6b2bd1993b8ba6422ff1c20705a

SHA512
81b37540317820ab4ab1d5fb070192d5ee1a364b98154654d142d51cf7ae957507d652846d731c9b3c4e96710260947397f59a1ca91dbcbdc25f41da66de3ff6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a935d06b3e1f29c8bd912e0fb67a4fda

SHA1
b9ca462abf084c37765e1419262ce0dfd37e7b70

SHA256
d2af6186e41ff148766a264a867a81eee2cd37b032170c72fdcf0dc58ca10da4

SHA512
ac80da7b2440e4ee074a11201f477d7f49f705e7c61e57cf0786b328da68ff0b69c7a0a6eb5af3f76b5762f0b2858abdf5633296348abac67d6f5823de1f1d2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
54dff88c27260fd1474cf6554fc34fb9

SHA1
6ddd69f18b594827447f7add590003c526f23ecd

SHA256
619505cd5e43fd09698561246c2a56be6f8af370c58972633e2a9aa5b6206ff6

SHA512
d536908ad8d0b3c5b802c098230d891bdfd7e4e0bd048461ba6b2caa1740c2a4a042e5c8b579a8357a38c4f84d7eb9d4963ea0f1baa783bd173714ee7f2df8b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
7d8a21c82732d387952e660c4c730e95

SHA1
aa70f2e0005c24e1bf2028f1b413bbcefe40c432

SHA256
afd8cbfd3ea7289f89978f0f87f7ffb39a1e9de6d5983e3203cc7e3fa5b38626

SHA512
a2ba960019e29db8eb0f0b148355a3b0126ca8d13b15f7dd8350e9d9a0aeb0afe3f84b857ccc4dd071d23115eeb760e53c82c35c4bd2acd37f80eefbb94bfbef

Download Submit
C:\Users\Admin\Downloads\73431574538__6C7A49AE-C9D7-460A-9EA7-3657FEC6896D.jpg.crdownload

Filesize
1.5MB

MD5
1b0d8437f345cfbfb489eeed7428ea70

SHA1
7529c42789323f2ab4ba90000b6e8e073b33bbb8

SHA256
8ae82107731f747e38fa0fa98bcdbcebd5f70e07550ea827b123e8b5988eedf6

SHA512
360e580c08529553bef47dbaf452d0f78aaf30c48d871512e2827bc5755d4d273e1bc0e63328c3dff0b690f59e7a4057c02fd11a99cd5070fc08eb140b0d50f1

Download Submit