Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-06-2024 14:30

General

  • Target

    https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718
      2⤵
        PID:1092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:4336
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4844
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:4496
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:2040
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:4696
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
                2⤵
                  PID:1612
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2320
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                  2⤵
                    PID:3736
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                    2⤵
                      PID:1328
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                      2⤵
                        PID:1804
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
                        2⤵
                          PID:1864
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                          2⤵
                            PID:616
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                            2⤵
                              PID:4908
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
                              2⤵
                                PID:2712
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
                                2⤵
                                  PID:4408
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                                  2⤵
                                    PID:4852
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
                                    2⤵
                                      PID:4544
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                      2⤵
                                        PID:3036
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
                                        2⤵
                                          PID:1784
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                          2⤵
                                            PID:3104
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
                                            2⤵
                                              PID:1080
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
                                              2⤵
                                                PID:384
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                                2⤵
                                                  PID:1472
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
                                                  2⤵
                                                    PID:4912
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
                                                    2⤵
                                                      PID:3672
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
                                                      2⤵
                                                        PID:3600
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
                                                        2⤵
                                                          PID:5128
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
                                                          2⤵
                                                            PID:5136
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
                                                            2⤵
                                                              PID:5144
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8136 /prefetch:8
                                                              2⤵
                                                                PID:5152
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
                                                                2⤵
                                                                  PID:5584
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
                                                                  2⤵
                                                                    PID:5592
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
                                                                    2⤵
                                                                      PID:5600
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
                                                                      2⤵
                                                                        PID:5688
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
                                                                        2⤵
                                                                          PID:5824
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
                                                                          2⤵
                                                                            PID:5896
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
                                                                            2⤵
                                                                              PID:5968
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:5804
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:2
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:5996
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                                                                              2⤵
                                                                                PID:5372
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:2388
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:1296
                                                                                • C:\Windows\System32\rundll32.exe
                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                  1⤵
                                                                                    PID:5904
                                                                                  • C:\Program Files\7-Zip\7zG.exe
                                                                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HMC 2.2.1\" -spe -an -ai#7zMap1745:80:7zEvent13726
                                                                                    1⤵
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    PID:5524

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                    Filesize

                                                                                    152B

                                                                                    MD5

                                                                                    c9c4c494f8fba32d95ba2125f00586a3

                                                                                    SHA1

                                                                                    8a600205528aef7953144f1cf6f7a5115e3611de

                                                                                    SHA256

                                                                                    a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                                                                                    SHA512

                                                                                    9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                    Filesize

                                                                                    152B

                                                                                    MD5

                                                                                    4dc6fc5e708279a3310fe55d9c44743d

                                                                                    SHA1

                                                                                    a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                                                                                    SHA256

                                                                                    a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                                                                                    SHA512

                                                                                    5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                    Filesize

                                                                                    72B

                                                                                    MD5

                                                                                    8fc79d492cc6dc2eb9b341c1ac23bf19

                                                                                    SHA1

                                                                                    85f6c6fbdf91b270965a8a5507b5c804397da752

                                                                                    SHA256

                                                                                    ba0a89ca55950dbefd6ccae6dcff051e754808322dd4b8064d4e4609fc96879c

                                                                                    SHA512

                                                                                    eb5c8e930fb03f7aac8fe3224c530491418879dd2da7a8cd92e3219b79ad4752959e3c34e0122c27065eff5b1ff315e76a8c767a13c78a956b9eeb30b657970b

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                    Filesize

                                                                                    720B

                                                                                    MD5

                                                                                    0f06f502b67cf3ee3570b991601eedb7

                                                                                    SHA1

                                                                                    e28e1392f0870208c9b60df1bc6acecf254beca8

                                                                                    SHA256

                                                                                    1ce0e0f26dbfb20400b9ee950d695a6c80b143bf6632e49ca32bb9609d1e6703

                                                                                    SHA512

                                                                                    a705a99461c5e8bf5abf14e0f77aaf6271cb518594d5da929419469a67d143cd3ae54a7ec58e0e7f87e6b2c7c3e33cc32c69abfe9f051ad8bbb22496ee8ebedd

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                    Filesize

                                                                                    744B

                                                                                    MD5

                                                                                    b4dc29692e1362128387fa81f4eeb77b

                                                                                    SHA1

                                                                                    1d789ec870d9193b132fc8cebc7ff69dd732bdb6

                                                                                    SHA256

                                                                                    079d073688980aa6552781249b285a5b0fe9ff59c9876c71b6d87f8675010c8f

                                                                                    SHA512

                                                                                    8c19a2812fcb7e15cdc9fe3a56527da8887570ac46b234451f2e60ed8a696abb90f6832a23225626aa171a8b7fe6dd58cc16ff86c41c3c0d4103202bb03274cd

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
                                                                                    Filesize

                                                                                    16B

                                                                                    MD5

                                                                                    46295cac801e5d4857d09837238a6394

                                                                                    SHA1

                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                    SHA256

                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                    SHA512

                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    188B

                                                                                    MD5

                                                                                    008114e1a1a614b35e8a7515da0f3783

                                                                                    SHA1

                                                                                    3c390d38126c7328a8d7e4a72d5848ac9f96549b

                                                                                    SHA256

                                                                                    7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

                                                                                    SHA512

                                                                                    a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    188B

                                                                                    MD5

                                                                                    e08735d8d04f386ff229cfdd8a901096

                                                                                    SHA1

                                                                                    e90c5ea41031dec6fee120cc3dff12883d030394

                                                                                    SHA256

                                                                                    dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

                                                                                    SHA512

                                                                                    a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    5KB

                                                                                    MD5

                                                                                    4b9bab6990c6606c2fa17dc7669b3f67

                                                                                    SHA1

                                                                                    a8680125b92fc0baaeafd8dcecf5ec464d3cef6f

                                                                                    SHA256

                                                                                    fede638f577be4f6462ccb60cdc8fd915b3c5f6d9f4019813f71c8904b92b0aa

                                                                                    SHA512

                                                                                    11e3505f41313d101547d8b099686ad210a07136e7ba4e0ac73595543fa4b8a10d410d3c92269cff5d1e5c215c4aa6df5a6ca22c006667fb098bbac0fda511ed

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    6KB

                                                                                    MD5

                                                                                    f19340edffbf7141b607b3a94a129b6a

                                                                                    SHA1

                                                                                    ebd846705f2e6c4ad90e473c88ea66ba1232a002

                                                                                    SHA256

                                                                                    00c1a835b22dab35762a25726ed278e53e558afbb15d15dfb0f9358d47708393

                                                                                    SHA512

                                                                                    84335df52c067477afe9bb01e267e64547a9842a07529c4029b9c8ef107d0ff0fb7986a78dc250fb7edd02a5ac365e8010a1b64bdbec471effbcda0842683229

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    5KB

                                                                                    MD5

                                                                                    f67443e11ee044fd4baee1766288415d

                                                                                    SHA1

                                                                                    db579c0029d8e5831e637717f2daddf2e349f154

                                                                                    SHA256

                                                                                    5cf4982c3a5e4be65e183fc65b36b284f44b88b3a28056c0843629412b5fcebe

                                                                                    SHA512

                                                                                    7c48e8e65e076c823b9310586fc7e08412a8dd8764bcd669a33d6c73eb83d0df23b640df65d2db3787b1ea7f48ee3e162a0f8fe4284656b8bda4a50614e89bd6

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    8KB

                                                                                    MD5

                                                                                    9d0d03952d502997a278299ecb9a26b0

                                                                                    SHA1

                                                                                    4fb0bcc84166621de68f0a54c5eaee53b2b004c8

                                                                                    SHA256

                                                                                    9e74a07e4ed2bb286bf69c654b4c45a36ce9b3c2639b0078546028a1cf295469

                                                                                    SHA512

                                                                                    54239366829e560cf39368b3999cfb2eb6e32624cd74efeb31bc0e68a964169602bd4c72a149961fa506fee7e96fa9801a533dfbbfc4099ec88e9d0c88cdba8c

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    66444d8b4d23f70419740336eace4c41

                                                                                    SHA1

                                                                                    2e5eca2d6ad1539821ada4d12f38c134ef418966

                                                                                    SHA256

                                                                                    1bbfffeedf9df5e88600f10f8eb7cb5103240205d315c936a0798c199b5a85d7

                                                                                    SHA512

                                                                                    68364cfe7316fb2bd8b4ddf6a2c92dc16779abdd445ac9abc367dc7171bcf5406d3b8e743bddf804eca2dda944263835612c67768da82799736cec4f9b8cc467

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    6KB

                                                                                    MD5

                                                                                    c1360bd9912e6830319d45e44a2983cf

                                                                                    SHA1

                                                                                    131fd916cc35d13933a7990c3d75c87ea5df9326

                                                                                    SHA256

                                                                                    0140552a768e5521b10c33c68bd2697331f84c87a984d6a19f98c20e6f871def

                                                                                    SHA512

                                                                                    72faee6ce0f00bc4cdf859711b30f83000b733246bf78f8a640a203aa05e1aa4207d7a1c8a48213e43d9038748bc48f519e0fafafecfca7524d1860c0342ae28

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
                                                                                    Filesize

                                                                                    41B

                                                                                    MD5

                                                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                    SHA1

                                                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                    SHA256

                                                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                    SHA512

                                                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                    Filesize

                                                                                    72B

                                                                                    MD5

                                                                                    b696b027f8b42641b170c54d38fd8624

                                                                                    SHA1

                                                                                    38b5e718813dec229b719f7df95ea0174e99c11b

                                                                                    SHA256

                                                                                    8652e0de6b0bdb77b7ce0d76d410484ad220038dce78e1472f3af861c826bda7

                                                                                    SHA512

                                                                                    3da31cc2d0c4d8b34bc26289c91071515f2550bb045fc37f7bd888a5f30dde6efc9d8b7bb7366f96efb038e7d6ff4719cc49b744ab7ccb3f06771809d9cb0bb3

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b100.TMP
                                                                                    Filesize

                                                                                    48B

                                                                                    MD5

                                                                                    6d65a4be91f9f4aadffa78c26d5bcec2

                                                                                    SHA1

                                                                                    ed0a958d20067f045cee5fcd97085a80c4d1e317

                                                                                    SHA256

                                                                                    44e9602c8d7a26c385d8f73edb2a032279f00909d644873d812559ce7ff5db31

                                                                                    SHA512

                                                                                    64bb4f24507f57b22e2f2870b6b1700260f18f5fbd801fa2bf0267b60d779f1d5fb84e3e2ed416fc66086c2ffe334e70acd53e2d26d7b774bf0aaf9f2fd2dacd

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    2KB

                                                                                    MD5

                                                                                    726369c60b80b438ae2e14233de6f69c

                                                                                    SHA1

                                                                                    4997925dca6a22b336bc918f73e5234d12cb1c4e

                                                                                    SHA256

                                                                                    84de1a06c4f4777d1afeb0ece884f97dba240d3be4aeead6fe3dd2951949e861

                                                                                    SHA512

                                                                                    c114a10cfdaf8ad0c5426e1e28c05825a6b8abfeaa3bb23ffbe6951ddfd4771d2169e2fa3074a22f813d56037c87c1e5bc66eaff6cd07a05fdbe1e7709df39c7

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    3KB

                                                                                    MD5

                                                                                    9ef794ef03a7f89ac012f64700e5025d

                                                                                    SHA1

                                                                                    3d7afb7f98ab3b86ecf001ac6e899a72c7457256

                                                                                    SHA256

                                                                                    e338bf378d6a90650e2b4ae0e59c56a769ab7008936e96956e1ca454410b9522

                                                                                    SHA512

                                                                                    f5c41d4cccd2cf62930355751ceffbc1b94595996269abf3990753d3fa89466132f36866bed11d7646af96fdb6f63b15372fbd7114a6d08d9d2fc94d4f06892d

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    3KB

                                                                                    MD5

                                                                                    8febdae428bb7979f6eb85bfdccc075f

                                                                                    SHA1

                                                                                    33cf112e7a59f2716c561df2713fb418796f8155

                                                                                    SHA256

                                                                                    107ab15d84d607ba7fd8f1fae8ac2fb392fd49f545ca60125c2198255eb64664

                                                                                    SHA512

                                                                                    0218750c36ed235b46d520f827ba801ec446730d6ed1d9ee29f10f466077194fb23f8875f3529d3031d8896b181ee81c12a60e4b9f897441d8f329974d0d094d

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    3KB

                                                                                    MD5

                                                                                    e4ef6bf97a481701556dcf332ab3dfa3

                                                                                    SHA1

                                                                                    babd77fd9ea573b9471f5712b92751ca16f1a825

                                                                                    SHA256

                                                                                    2418910a70198cb222370d18bb6a2a20af1298be9aff0d6e0dd41fd20153d78c

                                                                                    SHA512

                                                                                    d74857e80346afc3e78aef0d00d176cc6083a5a7438bdb75655ec975d1bb8a88038b5ae6aa20f45af43dd950aa121ef0cee40c784a06469ef28a79b544dc9020

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b764.TMP
                                                                                    Filesize

                                                                                    203B

                                                                                    MD5

                                                                                    46a940576d9ec84df84cf62b5eff7cde

                                                                                    SHA1

                                                                                    38c69269783ff2e0c2fe77b186a93fa88f3152f5

                                                                                    SHA256

                                                                                    d6fa91f441f222e4979a89e6193c5663037899785b552d21cf4904ee8ae11c7a

                                                                                    SHA512

                                                                                    09417d15f510d590d8cb1425c3b9776ceb487fe33cc42085e8e1f38c3e2df0b1a5b5422f78ab99fff1ff473c2b6e9c800fe533ba25f1fe4e4c80c607e786595f

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                    Filesize

                                                                                    16B

                                                                                    MD5

                                                                                    206702161f94c5cd39fadd03f4014d98

                                                                                    SHA1

                                                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                    SHA256

                                                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                    SHA512

                                                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    ebb277c6deb8db69e2194f0416b0e016

                                                                                    SHA1

                                                                                    c5bab375e48ab267af3ee39a156c1483b0956dd7

                                                                                    SHA256

                                                                                    fdb560d2be7be066dcd4a6ba80457a9e62eed14abab8dfb896c11f5cb0a2e477

                                                                                    SHA512

                                                                                    3126d22955efdde731035d6a870737fa24bd4c52d68374f0937d5d3f20764966877ebaa458ef19e972a1405dfecfb1aabb7cd0427560f4c8444eee8c8ed9c0c9

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    10KB

                                                                                    MD5

                                                                                    d36690af9fdd0ad9e596ad516a01a3d8

                                                                                    SHA1

                                                                                    85867ce53c64ea5070f481356aea797d201ad921

                                                                                    SHA256

                                                                                    d222808262a97330d513e69356c4115e99a3b155ddc20d10dda525cb574176fc

                                                                                    SHA512

                                                                                    8de4d678b4cc237f3904522f74c24a3a22897377bd8edd5946f4c18e776ec51790da3a6affc5a099bd1763636fd79f95582db88b75aec465d35a74e72038b2bd

                                                                                  • \??\pipe\LOCAL\crashpad_1700_CXWQXQDQQFWOJJJA
                                                                                    MD5

                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                    SHA1

                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                    SHA256

                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                    SHA512

                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e