hxxps://pvprp[.]com/pack?p=6858&k=965090517

Analysis

max time kernel
360s
max time network
381s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01/05/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pvprp.com/pack?p=6858&k=965090517

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-891789021-684472942-1795878712-1000\{BE68A7EA-7F7A-404D-9952-28F52AF035EC}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\! §b§lBombies §8[§f180k§8].zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
3480	msedge.exe
3480	msedge.exe
3944	msedge.exe
3944	msedge.exe
1472	identity_helper.exe
1472	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeBackupPrivilege	1368	svchost.exe
Token: SeRestorePrivilege	1368	svchost.exe
Token: SeSecurityPrivilege	1368	svchost.exe
Token: SeTakeOwnershipPrivilege	1368	svchost.exe
Token: 35	1368	svchost.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 1172	3480	msedge.exe	80
PID 3480 wrote to memory of 1172	3480	msedge.exe	80
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 1284	3480	msedge.exe	81
PID 3480 wrote to memory of 2180	3480	msedge.exe	82
PID 3480 wrote to memory of 2180	3480	msedge.exe	82
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83
PID 3480 wrote to memory of 1016	3480	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pvprp.com/pack?p=6858&k=965090517
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0af83cb8,0x7ffa0af83cc8,0x7ffa0af83cd8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,10151365866405058121,654805490531470315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7628 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e498afe43878690d3c18fab2dd375a5

SHA1
b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

SHA256
beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

SHA512
3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8b53ef336be1e3589ad68ef93bbe3a7

SHA1
dec5c310225cab7d871fe036a6ed0e7fc323cf56

SHA256
fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

SHA512
a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
95KB

MD5
901b49174a45dfcad94e115c64cf94b8

SHA1
0196622855b0f182b54acc5d2a7f4ffda72ee294

SHA256
65d13ab74c4e3c5881583da5a7eeef908094f3c91ee8e5213bf960857ed65f0d

SHA512
c08b4cb9cbfe9e998f554528beb690c19ed28a6e48458658f4d76a82e578b0dd20a368df00b9e9c73afe97985b912be27ac952ed8b081dcc39bbcb32cba747f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ff69be4fac1276602b2805a234a6462c

SHA1
407cd8e83db73427946dbe2e8625c863ceea3ad1

SHA256
1eab89196a7ab463e88aae1d5a8aa45dc1000bbef1bf5cfa63625fdbb6be160d

SHA512
cfbe12ae061f25c48364cc27f953452a6492d38d641e69a8104fbe0a54314622acac6cde78117aac133a8616f343723ed7f19e0558ebdd0e795379c49630e600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0e9bd311d1e3212e94660bb5e5a33ee4

SHA1
0d196c8b8315e762eca4407e357967bfe92d55f3

SHA256
717dd37ce08d463a332ea75d52b8eb09e79f79094d769fb90bb9e000173da846

SHA512
423f2c935922f0fc188a27d3e22c33a41f1e534c41cdfedbf492ea1323e24f61317be415b3b100c50c5a8dd8d05beda09ea1acbe46e80515bc6b08056611286e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3127c3711d39fa5b19bedb58f2133921

SHA1
6de713ab234231dfa898fc081b439649e052593a

SHA256
a9671c116a740817b79fc3e863c79e8f427b4036d022e7735d3ead81a5e88216

SHA512
b96188a2af292bb3164c2c171d828003c9e4b53c386887e161c0504c70b28eec3358001d9f45c732a336e1fe0a4c5d3a2ee7d76f6e37c3b26c71c6d3e62ce56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
3a668baf60ce64fc0c260e6a96eea32f

SHA1
7367ab850e407694dfd4d8e7545c30c939b5ccbb

SHA256
5f54082b94ec75e080893e560378850c32861d54394c4dea77d04e4e27e4f982

SHA512
b7f0aeb608d3d67f2c2cea6417d69f865e0db42134b77d05ee81b0251e7445257b68abdbe9760c4a3ba373422919f02ec44420c0d0e4cdab8f0b75e6b8f9d5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d56ac324e89f90e5f05bf2aeba5e2467

SHA1
60a4e303d9e89906598c78500c863df7b3d1a0ac

SHA256
8c280f2cb5144c80fe36ca0a69800d60673ee657b225ba083f5802a2dfdef3a3

SHA512
ec06aac1adee455ffd64739bf3ac48d7c9b1f6bfcace46faae1589f6625d0a15a02ac0a24ad3d62d5adea550df116ab08ca5a887372932c6a8e97cff3d6be0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
345c0f5e71792b9e2b53f939ab1dfd5d

SHA1
aa9d68ceb2233d8394708841fb399ba9bee908cf

SHA256
4188971ade5d3d405d8d4bce9a14486aa4c70586269080f6edfbd2b233740f9f

SHA512
1cf78b006db7fa54032be9f41830631d3af8b04910822dc3f725d470e55484d3133b896c39eece4b80ff514ace5777dcaf29bc0a4dd6da7917bfc0730b3f3ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ee55c95288055c5b48906019faa522c

SHA1
86e6dc72da3513f210cb09c970cbb62ed4eb9a7a

SHA256
7cfd772d95a2611dcc42b42a5ce289edcf1271b148f4f5b5cc8a7d7592cb515f

SHA512
c7c39614f249f6eb31e2a3044631b0ea70558306922858e19a13f35fd40d45b6c3925cc26c9f908f94e4b41b76ff4eede2fabba29b3a7340633fc9f6535cd566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a6f8d22e7616d077125757436a1e5a89

SHA1
7dbe05926ab3a35ac1a11aecb8ec25d35c680391

SHA256
583f8599543400b964e2d3f1842ba82286eb926318ede4b92e1f3e39ca0184e0

SHA512
05bf58258e712665925f493aa05f6dacb474336f9df03ac2a2b6e033d80846b5de126749731872e1b51cabf8696636adb013973290ab82f73d2ad6ebe23c1cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ccb53a66e05a34459cf1a7f1f92774e

SHA1
fb8a82744af4e0b8d9ed2c4be42461872500bd1b

SHA256
2f4c58ed23635b50ac010a8a55b1c421503af5347fd4542f5356afad15179ca6

SHA512
c1501d5e3c6267be26d8e4b66741d856f444f505114c4e829c5f917f89fb22534a5975d2813419f5d08ca4499fbca812c6788cf4fa6748964a0cb442501dd514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2c3a94c40afcf62d2229295127b72776

SHA1
f69a2a8b70fce940d726d6dfbd4c4adbdb5b354c

SHA256
47ccef3352e508b4ceb8e549125b26b3f10e43de1083b2786ffe8e86d4a555a5

SHA512
4f7841a7afecb28f98ea5f385589f58ef7008b40135dcd12ae3d1d37e0ae319eead14e22ef9efee6a7225d318bd80dd2ee033c1d5befcaadf6414b32a182217f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
8964c0f67cdd9c025cc79e5bb1cbf672

SHA1
6cef4dd0a5d8d3160897d876d488bebe60f55bfa

SHA256
150cddc8a768615dcb2d95f7dfbb22a259be8447c8e2f65624ceef922a79d586

SHA512
f86a7d0591f5e680768cc68357c4e847b1e837274db3691cf6a99889c17f9e2691d033187a52096bd490d0dceba9b1911f9a4d857a8bcdf586ab9d8a480815f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e2ee.TMP

Filesize
48B

MD5
84af8ffb7eefbf223c0d7812982104c6

SHA1
72066b750379ff25059e3900267e39c0a6c00b2e

SHA256
845ace7078dd0ad4231dc1115cdd002cc6d21c31ff74f873d849267cd34a564d

SHA512
59ee6335e73dbdaedc958cb104333e8af2979ad1dcf848cf99a14d2751e1b09365572bd03286e7289bb1628f20397a70d7f45e0698e4dada8a2f5c6759757878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aff62b425275625ef12c7ad36fb10df8

SHA1
0670ab8f0a34f93ff77d5a258b56af402c165097

SHA256
6ef7456ccc27421c7ec965336f9a4fb4f1143a6f8d0e038f1e61aa78944b011e

SHA512
06a07ac62a02daf7d77ebff7877a24038a3bb6a4ec7449d4c0c20638bf4d5963c97e2afed6f216647843c237055288a4b016dfe99b639730a769be2580966f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c6be4219bd3e8a247839a4e071189b9

SHA1
cf9cc5511e04ab59520addbf688d1868f05d6114

SHA256
c12125bea658ade7f187e4abfcf48a0f4b3cb49e3593117e49e77da72f5b2687

SHA512
2554481542f568ed90e137afae4c5ddd615464c76b4810d16e54a3a2cae65f6d04b5c5400dca4978bda1bd289be3df374755c2bdc682cc8f654f89a73142d48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
509df9454a364490b68509569ab5392f

SHA1
7b03bbef8d2037ba8ef120f58e414ca0eee7ded5

SHA256
075006f5ebd700b780d0e94e335544df163d6b5d5eae4d14b8c042bcc3b324bc

SHA512
efbef3f2898e35777e8efaef72b1c73edfdd7044bc138a05ef8e913453df39a3a7d9ab37bc5532584d617ee51c64fa9264c13c855b5ad06b215a4e98b0ef45c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579d1b.TMP

Filesize
1KB

MD5
a10a93b02cf6da708d25f42bd11c66e2

SHA1
08aabdc4e840a08847739248cce6a4ad99e2533c

SHA256
51ec559f16feb9d8e9177c5b8bf490f6730832617167ba68df007d1dcc956124

SHA512
7c1e352329a45ad12d8a0569003e6b9e46969e0f7bd5ad5bb3e427e8e34413326ee0c0169b4b6d530b1c2fe40a0d466949fb2d85c4fcc50caf34faeee85dd855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0d9d410b031d5bf3bbeeead921cbcf32

SHA1
2ba050db4af4ce0ccb93cbc44e759b9d9aef2a2c

SHA256
5561249fbe8dbb1d99ff575d7355cbffb352bf109c4c8806f949cce5def2f827

SHA512
4c0193449112e5b21d5c6fdd4d8b714049086674a2012e6c83ccd712fbfd0b2798e23c668908e33b14d8866fd645e256a6aa2c70599d3bf606221e9563720bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6aa1ac80e903a593db6dfc48a86592a

SHA1
9b475eb8ee954b82fd87ee635435c652054fefa4

SHA256
96d089f3e9eeca6701e25c939c405bff3d4d57fca160932afdda58f54041ae9e

SHA512
4c4484e666a3a0cf8aa89f4cc70bae45454058bb2970ed14dc5902f291f2c828d89149788618e0beb646bffbf89abaa5f34701aefe19cdc14547a418d995cc61

Download Submit
C:\Users\Admin\Downloads\! §b§lBombies §8[§f180k§8].zip

Filesize
12.5MB

MD5
455d3516a3cc8a27d3ab31beee9cb5b6

SHA1
4262cb623b9418fcbb10b1288134dced5a26f951

SHA256
03d201a14bcbd0601a4d5952093befcc067f114270e4a2e02b874adcdf1eb72f

SHA512
07dc22012c7da9b54ec877017c5a60f9a99765b652a99f58e25a22376a0a2b0798c1dcd19f9c46a49ea6a4a4a7a5334550017ca1b85035c33cc66c1da6b67f21

Download Submit
C:\Users\Admin\Downloads\! §b§lBombies §8[§f180k§8].zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit