32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
170s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdd505a5-b16f-4c68-a000-442b3d554622.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{859AA3A1-8E5D-4BCC-AC77-264B262A60AC}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 378551.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 378551.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
1112	msedge.exe
1112	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
3688	msedge.exe
3688	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exe

pid	process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1112 wrote to memory of 232	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 232	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4012	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4708	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 4708	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe
PID 1112 wrote to memory of 2952	1112	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cdd505a5-b16f-4c68-a000-442b3d554622.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7aa746f8,0x7ffc7aa74708,0x7ffc7aa74718
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
2⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
2⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
2⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5672 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3524 /prefetch:8
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,4971076590194784469,15306316682428682780,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6840 /prefetch:8
2⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6b12576c-9fe8-44cf-bad9-cf4873b50a22.tmp

Filesize
6KB

MD5
f3f679362f6e119ff3dc718ddcc8ff31

SHA1
b5d0b4abf419c1cff1d06a16199468efc8f5173d

SHA256
9ef38902958d790b23c4768b2b615eee2e9261ec4e3577ad0851d63f6263bdc3

SHA512
b74e3f3ee6b1de67fd614de7163d2ee34210ba0019bc8c2848dda115298a5214a78169ddbaa53738711e9033bd7c59908cb8698623f7cb96e38495886b8d7bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
c5dbf1436d1d4bcd9ddaf21db8d57e14

SHA1
6002f26dec7e949ee0b657c3785ae2d4d6b4d70c

SHA256
f0921afdd2acc97e0d0cb1c615cd8b69cb7bf6c57d99e0cc51918465614aa8d0

SHA512
ed06bdd837e658fa6d2ec3b99b65ca46a43cf08b187a24024a4925f1d785da1e5b15d9e34212bb9dcf11b56437825e5e10bc59a104b578db8be087fab5a54e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ac2066ff6c285e14b182d33c56e80da6

SHA1
ad95a6d95cacd79ef53f9db0f79498600bfd0963

SHA256
9de64fdba88e7c0b08eaf402f5fec1607beb5b081385213586bd42a8325c7863

SHA512
12bd25ff27f8852fe847ef11320f6b5c6cf3a20dfa11f873a57de747d0a8bf2eb6b6c2f22bb5b6bed1c8347e88460a7973f0031d41299da0b9e33e9ac9b24151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e1006477cef6cc7a832c24ffa8ac6884

SHA1
166152f4861d2648df91e1d09ffdf3809b5a4488

SHA256
f1423f1da6d0bf1909016f9f4d59229425a82d210da5c7b649cf2f868b1d9b4b

SHA512
b74f09e837f3cae8b7942073ec74ac24f16e8812e716736358f9ef6b7492d3691a4e0cb3c31296d2cbc9ddf36d2d5dc6d09779d4a3e9b8c7f98cf43e83cbedab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8220692a3af18f3ec3228941f0b44805

SHA1
08a64dfb6d97a6ecae59ee5d33b72f7230fb06a5

SHA256
58f96945a3b54ec5789e3441b0c812eb09d96efe140cb3eed8af1e33d15a1f69

SHA512
e18ab02d852e3e1e23784292762097c0866a3213ac909b653e1aa74d1f07539d162294c4d62dd271c6361329665c8992dc04a3a49dc3275a05dd3800bc44c732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53051654cf1031d45a7232775d791769

SHA1
e7a1048e60b7244b6f4f04cb0a06e6f586da9c32

SHA256
cb90c8e896192bf36327c4a50eba030373525df19a727003c4f0d91108f61a1a

SHA512
d6c7a7a13e9ce41dd036c89e524fc6fa0ae19e7c606dce1d96f13ac32072e1c055879d1d8e8889a1215d830c0b38885f8723c9e63da38b7c375f2c46273e10e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acbe74997e81228fc57231c625209bd8

SHA1
9886e7827794c9791284f9693952889f78a69086

SHA256
f8f34f55975b0b9cdd5c91448d063d0e387e092436d6ae63c15c9d0f2972fd20

SHA512
1cade50b9a2571c92a45ab72f2b7c0b51e2d897286304142baf955243a154fa49cbb2b603786568449d1f402049c1f0017ea7c29369ab8f5419842433e0847c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
76742eb3ae137b135a8ff5fa6de5b84f

SHA1
7435eb918dd1560e61f50571ec7345826e7e1f74

SHA256
b4f6cfc918b6f47adb247e742038fe457775e748f4059aba805973453c2b6aa8

SHA512
63871213a27e0254520b155f2da54bd96f35c530546b67e1c198008054a75933d7bc0e83df3961f1e08a1f38d4c72cdea55847d784cdcbc2b5bc663c36bde8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ae6f8fa0e87fd538dfbb13ae6c1d6d8

SHA1
7ad3f3c3308e4cd12ed34e2df7a15fd03de1b1cb

SHA256
bfc10caad62734926dd3f3b6910c2c522ffe52d9f69c74dbfc0b0ea052836171

SHA512
4c1d2616cb269e68de86ab7cfe42f619e78658017f91cc6555a637bc36e06145730bb3f6efbe9ed2e6532e001a52b088648835977007b2883b6f7a0ec8feb4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e7eb4f105c2526839b63104d41ba34d0

SHA1
a6bb29861cce91c9b3cdaa2857d4e68c3c112fce

SHA256
b5ac1a14b473109ed931f593bf4539fc928c9dc28314e6ef84c570082f5175d3

SHA512
f43beb5ae2defad1ef37ee7865f2a04a7c70215326cc4e385fe0131796d487c46d1d1c19673d0d4a443cecc84b482816ca21be4c358788576723a6ac9e6f7100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dbc1b1732957c40b9ff6263a3549d42

SHA1
24c9f7c6d3cf931f92e2ccffaa79bc213defb9b2

SHA256
79dbe66b6cce255bba151de4606ec9b6eb5c9c2e3e810ecc6921c8da6dfbed86

SHA512
9adb73d02e6d0278ee14bb6024e66edb12996bd829c0aa5eb9b60d9799d6e19ee19631d94a2d4da7e782df46d5d4fd2f9ce4dfc30feace3706c49091cefd455a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dcdc147df49224f3fe01c54a5fef0a1d

SHA1
159531424745886ce2cdfc5002058fa3bdb45e4a

SHA256
4eee0b2649652fcdcbc47568dd7438080a570590807f929a3902f46ab4f8f7a7

SHA512
7b2b78e243c8c786de2685a36bfd17f91b3c20e3481fdd238dbaa7005b75e147d18b960cf04f7c5b31739679a88f3f996a3ac3d0c8f42284c2add1a12f5785fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
082af6b61c3e47a425d55c246c550fa3

SHA1
ddd2b7e891a3de89f8d2c3ac8f34456b53bfd0ff

SHA256
93564ebebb2a0bff59c6f3758c59ca3febece04b86ba4da8ef5c6973775a092c

SHA512
c6dc0ddfae2d23a89939c490201a6665ab36d8b01e7b3ee04673cd677f87084b01f9b2a6c26b2609aa18bdf6953227d9eb2d93e4b68cc60693affb843b79dc00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
e0b19885419a2cab53c8beb704b61040

SHA1
02d419c8f4f60f61aa8f13043d352e3cabf9af80

SHA256
a889946e827c9a8c7952c3723639cb92a20e535fc6be27e90a3788847dde1f71

SHA512
9f2a353097c69759adcfc180f0804bceb2cb4feca2fc48f8285a5a2ff442625b8e6cd6e85bdff73d6b283f83d7bd6787710cf90f7014ccb66d256f84ac3eb74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6efbf15786984e17abae641226201c80

SHA1
7e59f21b9a81bdb839f8e3adc1d97daf2fbaa934

SHA256
39c1a8a600e33b18a5476b353dd857b53937be872419a5a50cc519b11710339d

SHA512
1ecc689f74f40d4dff0ad8a5c8ee26b6cad4fe24f6b30d2d0244ef82596524767e703dad478a27c5bd22c4876b4684734bb8433d339549f3d6edd8adfe114e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5835d0.TMP

Filesize
534B

MD5
89327dca15d284373580c27738937093

SHA1
02c748f6f995664979e29fe992defc0808463035

SHA256
6be89ab9df322df714d99f229518812937c62481146756b19654189f0339e797

SHA512
d26818fd808282a5db5796e65f098b9cccfdc88ef05e93b460ad336fb38615279733dfb6550d716e40989b43469a4968b4fa3ee50491745a9fd83f0b071b7b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
27c98c5c36412b36db88b67011b3c009

SHA1
22ac7e1b54861083df5b813d7f8253210747f857

SHA256
8e9dacf98160abae0f70a2b2abd59f38430c4d116432556ea0c9e3f38e9825b1

SHA512
4395fea838e120dc8938e4c4cc3f1f988bdabc14ffddf56fcb92264ada93fff6b5c159c4ee062bc6e72eb14d9e99ab79dcd019afe9f90ff10eaf04526d22f6d8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 378551.crdownload

Filesize
662KB

MD5
341641cce487170e0f4dd9caf3d28925

SHA1
e06e6dfb2449d99a673bb10b5680fe270444381d

SHA256
4adf11f226acb62199dff336069643be40944106881b9da34a56c9aa52d31f5a

SHA512
a0ae8a3a911a3e2f1beddfbbf5839af93096ae030e3abefa670712ced7c62a272c54683a18c7d346be6f035b4f7ef637bff86b5d9fea917cc96b85b4bd5eab93

Download Submit
\??\pipe\LOCAL\crashpad_1112_ADXWWOHGZPTXZQBG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit