Resubmissions
- 20-06-2024 10:12 (this task)
- 240620-l8tmcswdpk, score 5, 20-06-2024 10:10
- 240620-l7fn4swdjm, score 4, 20-06-2024 10:05
- 240620-l4nwbawbrn, score 4

Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-06-2024 10:12
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:

| description | ioc | process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
Modifies registry class (8 IoCs)
Processes:

| description | ioc | process |
|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{A87C6980-8081-441F-B412-036DD439D817} | msedge.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe |
Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes (repeated identical events are collapsed into the count column):

| pid | process | count |
|---|---|---|
| 4248 | msedge.exe | 2 |
| 2432 | msedge.exe | 2 |
| 544 | identity_helper.exe | 2 |
| 3480 | msedge.exe | 1 |
| 3516 | msedge.exe | 2 |
| 4068 | msedge.exe | 4 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
Processes (repeated identical events are collapsed into the count column):

| pid | process | count |
|---|---|---|
| 2432 | msedge.exe | 20 |
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (repeated identical events are collapsed into the count column):

| pid | process | count |
|---|---|---|
| 2432 | msedge.exe | 25 |
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (repeated identical events are collapsed into the count column):

| pid | process | count |
|---|---|---|
| 2432 | msedge.exe | 24 |
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (repeated identical events are collapsed into the count column):

| description | pid | process | target process | count |
|---|---|---|---|---|
| PID 2432 wrote to memory of 4384 | 2432 | msedge.exe | msedge.exe | 2 |
| PID 2432 wrote to memory of 2660 | 2432 | msedge.exe | msedge.exe | 40 |
| PID 2432 wrote to memory of 4248 | 2432 | msedge.exe | msedge.exe | 2 |
| PID 2432 wrote to memory of 2248 | 2432 | msedge.exe | msedge.exe | 20 |
Processes (process tree; child processes are indented under their parent)

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://azure.microsoft.com/en-us
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6188 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6336 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6348 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6127693220712254180,2984048586831303885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6264 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
SHA5120e5a521b22199f480595c81534c1dd3c3569bbb0b4ae292f7fccf41cc458218ca491f867feb0bd29a64b8d3e4eed3756ccd11f6afa51fd36148b5ba55beea2dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD52d8b1008d9dff7e5d91a5aa6f0a66ccc
SHA1c176220413adee1357848715e1bd464c929d8824
SHA2561ef261c69827fede0611031aa906937dacbae35e9e3e9d57be1b5bbecec17de6
SHA512b7027fef1dabb752af3038d759f0403e00c739ffc7c0c720709f3fca464f12a26fe92f9352df9cdb98c885e4a0169e7b2005c575ee7bfb20c44115a8ae8e6d9f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579c11.TMPFilesize
1KB
MD53c26058f51097b93b2ba0b08736c85bf
SHA1e4fd82e580611740d758482bddeccc78a4495dcd
SHA256d57233ebfb87db5be73fcd62b93cc90fee38f4c86a52e50c87210b716ead6b22
SHA5124c01474484d4e5f8595c93c74227f33b281f1f447ee852252d0160e1cd2905eafd471cbaf75a6352a0496a5706168ef83194c4ad20384b7e32ff338fb4ab84e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5926074ebb3b3ea58010e8f4842289d73
SHA1ea36273bb7821a72bd2c0d3634e711021b050d4d
SHA2565cdb287d04493c3acdaf88469418355a848355cb56341bb67813f994b147e5d8
SHA51256933396c9b2649fda84c7dc2804ae7c86c6af91e80fa57f00f38cd3fc17288ff7af0f25125dcc2db40e9580dbbc000bdc43d12943af8bf60ae7585ea5c23ec5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84