030bf032bf62ef8b663e34dedc920a4e74df9c7702c0c9d8965cefdaaf30c2c6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

13e1b33563e5731e02b4e69ce6c4d082
SHA1

2df89851d138a7ab3451ce90510d24314fc1538c
SHA256

030bf032bf62ef8b663e34dedc920a4e74df9c7702c0c9d8965cefdaaf30c2c6
SHA512

6c07519a2067b50baca676b736739edac442118f2489f342d8bf6fd1bd7cfae14634b96e4a536e2bfd5c63b152ffbb56d246c05c3cab8c7656e5a891a8f57d63
SSDEEP

3072:xiAgAkHnjPIQ6KSEc/aHPPaW+LN7DxRLlzglKlVUlk:FgAkHnjPIQBSE1vPCN7jBlVUlk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe
4024	msedge.exe
4024	msedge.exe
4080	identity_helper.exe
4080	identity_helper.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 2140	4024	msedge.exe	83
PID 4024 wrote to memory of 2140	4024	msedge.exe	83
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 4984	4024	msedge.exe	85
PID 4024 wrote to memory of 2560	4024	msedge.exe	86
PID 4024 wrote to memory of 2560	4024	msedge.exe	86
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87
PID 4024 wrote to memory of 3048	4024	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff677446f8,0x7fff67744708,0x7fff67744718
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12004134088488037337,15844692598733344821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
71KB

MD5
ad523e385eed99c5c5b58c8d01086aa3

SHA1
169ffcc50ef8ac7f81247febd5c6706f801de392

SHA256
d0119efe566023652a3bc0204b553be03abad832ece7895e661a7203b3b4b127

SHA512
83dc7aa65a8123964e39eec277f04462c00e956877ef56cfe00c73231f6152e46134d0b1e1b46cc4c7e4b1d0be761b8d2342ef1459ad045776f6fcd1dbb12c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
62KB

MD5
4e2eb2c4c189c89aa6311c22a8570320

SHA1
6806395267e20c7f9bdc42173bd76148d9bef5cc

SHA256
69c0af62ae7af900694eded83d4ed89ad7fddfef3fa8fb4e495ae67bb5412f2e

SHA512
b0d9ab62344d6b71bd45196d0cb6f06ad6432115a88489b1f19606682ca97c9c26a1acd425e23f455a126f2b09f75769e628cfc987802fda933717116824f596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
31KB

MD5
7c12af56a17f1dcaa5309777746d23a2

SHA1
97104d419de5cff435fb952943f53aa8b6ec21db

SHA256
5c583a771c6e500b442edd2a4f11d0b9dbf86693f9e63edc947c34288bb0b36f

SHA512
0563344a85ecbca8ef5b6b48820292f35225cb6cdd26fc05c82e9042655e25c39e5ae085324f7f9d8acb3ebc7eeab4568738ecd97de266d82d0772781a8c2ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d3b5405d07331a2_0

Filesize
278B

MD5
188db4506ffe1d73f29b988f3dd3b27e

SHA1
1508926cb9e1e3c519ff9dc4b35114ad47502081

SHA256
b4ce045e17506dee3ec1e687d02d0d0752089dc52e63f0f6fff0c727520b5e9b

SHA512
6ab132d998ae64c974fab3c198f45e19f8e666c3ef506edd3ecf35b66ae56a16d99e3c6f72bce482d57db9ce08491c08e1e307aea8a5b11c69140321071ea3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\50d476ddec7ada94_0

Filesize
330KB

MD5
dd963bea81fa3892048e76d0b85b2013

SHA1
c678374c0fb4c422db06d50bfd3d76322f36956c

SHA256
2648628fc28af77abceb68a59251acc35aefdf977c00b52fb2b99fb4b1509136

SHA512
6cabab8c0bb09fc9766f28fa53981a090230c6d207ccb730ec7578f76f8e87f0ff5a26ae0bc478d9f4db5f1b64a9b2c8c23873e982e34892305943f990df3db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\864838404d2b08db_0

Filesize
54KB

MD5
882ba9cd44a40ef3adef37e3aa4013f2

SHA1
f8601c5c14612c97cea5837f833e0d60cfed1be9

SHA256
654139f5428692c39c9979e6faedffc2c3f2aa5b9a4b42de192f365b3649cf92

SHA512
ea3dcdbe0e1595abcee7f384ed2570db5472a3680e1f49389dde120e9422a8a00d881efc6629cdb2b9756db1935caa8208f5223a50895e1e7f1cbae9744892bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a1877b1ef3ecc982_0

Filesize
141KB

MD5
872af6ff71e0fca6c37c7135e2b91946

SHA1
e158a48dff50631d70f16deb39db92a60f736270

SHA256
5d4db5359ba8b6ef7aaa7201e1cbd04f5c02db747ffe11a2962ac0525a67b214

SHA512
b11726b1c55f84531724a056c53cec3fc37a635e757da559ed507790f1870e5fb33ad3b8fa502654c54bcf9a47ca345e82458d4db1ea2f2252b2245490827b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a98bf201db077361_0

Filesize
10KB

MD5
164e100541baaf19234027cbfa2f497b

SHA1
648279503054c062319e6374c0e740d0ce450082

SHA256
7c54ec80939e17e2975d813f0e8c7085276727cdf7c778b85946e81f0a9796fd

SHA512
0f51c08acd8a7172370afbca58cd0608e51edefaf78bf99dc6c8853a142c2b4a27b3330834fa3680c04bd6ad6e7e18bccf5b42a340dafc80c217ee3f0786b54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d247ef64e22a8bdf_0

Filesize
268B

MD5
3fd221f5b7f4135e0ef7a565fba87375

SHA1
886656cc265ff240e1b7cc6ade3e85493ccf2da6

SHA256
704c37d886fa0f8c49ae2eb087f0dcd359aad54c965ecfaf6629da422473d190

SHA512
db2ab6187ad4ae825f74915b5737181d92b1736350f23d7c311d2e31bf35e660f6c14a55cedab7dfd589c7bc6678d0c4ea6cb0a89ccdff657ebd50b44f42bfda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ded21a327daad39b_0

Filesize
22KB

MD5
fae4c3fa711abcd99e2ef76f83bea236

SHA1
89dcf0e42ae2d970fa00ee8be66f8af12c07645a

SHA256
fc9c2ede223b37558ad0b215a26b33ae0ba74c22acdd4345b47e86a644b28c22

SHA512
19b8fd3bf72fd8f14386755a4cc6c32974da12e321630cbd52be1a430f901fe8831eb801f6ecbb94d10b1ad2b9d77d305bd877a0a8ae40f6c7a360da55072371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
352b301930486c92bd14e960cc87cfa5

SHA1
d0ec498ca8147df9d9d91b6d86ae938092033eef

SHA256
29c151690a20808c9f98e50ed678f9de73500fcbda8c4eb69ff60a0d30c3493a

SHA512
b4da7ee4c09c78dd91088bdf011705103f21d878f65d60d0fe5aa4b79ccb5ff21f95152ed76a331dbab7bd3f2f0ba59b3ff12ab80b2f6dc16740b5bc317694eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
265685b33d85219a5dcba4fe585a0785

SHA1
233a53222f7d6c99277be7780d16351c27b307db

SHA256
01a6b05cd776260b18e17fd58d6ab6fc6cd6f865e1975495b921d3da4f01ac70

SHA512
2701c3e42b51a32c736b4d60cba71368a656935e358dd0c425beb8d418bd979691c041aadd1279ab24d414cb7a723fc8c4923dc9ce57065878ed883e54e94117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aead6010a3f2e37abe7a925f23500ec0

SHA1
680c24f9b1c32a96153c229260dc30d09997e6fb

SHA256
ccb97d11358d2e35236d2390cb368b0db51d455924e99b562726ce6e6ef7f40a

SHA512
c22d17a1079b589c21e4b8c14276c7af770e7dca63a7315bf34f505689d9284cc60be6a8827dbd786700f48c42193e5b7fef286dc34c1f9bf1c9c5aa83d6cf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
fa44d5ce9eb7d2b835c2d4f17e0c00d0

SHA1
f74fad257b66f578d270280eafb56ae2c67d31cf

SHA256
0720742f46e47d3586c3a3669189505e01d1c97739ee9df6b91bf364bb763120

SHA512
482d36e6de3dfb49be8d22fd7fd28372289fc73095a1547d22fa72741c779984779ff7412aa26b039ca5c879c0e803647f25129e5f4c8381384d83e4454cb2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
8fe35b1fea7d823bc737143a298e0ceb

SHA1
d2273dfb8932b4bc5f41a3eebb0041b5e6653600

SHA256
6a05d20ad369fcdcbb55ec1d0233e4553bd2adfb4612cae363d9ea5219baf6c4

SHA512
3402cb8826f8154ec814f4d4d4e4f0732d373f0b25422d69002535eac0b05244d591007e6ce00384c0aba25850900de82c1087b384b8bc1b3cfef21e7cb9e379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73f69f872b6b928ee6adb880d907dcf1

SHA1
c62f8b44b7b03fc7326ff8881c52104f48b72d1c

SHA256
e98f508e2170ee41c7e2c30772283a50165dd7332d7e7bc71d954af161093288

SHA512
02b1376e8caf4344fd16b9affc8906b683e9bbdb6d1fefb9a510ffbdc861ab72e203c4d4aeee142a61b03d03074e7d1c4f2fc229081a4e9b6a7bca1db33e2a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c7334cefa074cac21cdbc70c05b991e0

SHA1
72fd50d7681a2f9f062a9bfe457a36f88750fcdd

SHA256
68fb3cca45633ebcc5a1153c6a5e25f3a08336de9cfe6243aa40647869cb360c

SHA512
5ae5fcb72dfe4f3b1b8420a70636c40dc1c685d07ac4b6c04d15ec22e3f7f476ceb9b4950f2e5766c6ccfd29bc2141f75569e98d0b93b0242d0fecf181915c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f9fdc3e3362a469aa1114ff7d00545d0

SHA1
b8c104d18ce675e2ca4a4a5c4f146639c1fdbea6

SHA256
9edfc7dab2e38af2716c3aaaeb80851b9b40744836acc964e840adf7dc3a28ff

SHA512
4b00015b83274ff3bc02574a4a7a66a6f3e33e8943a0da4375f34cb9cfd8dc7d764dbbc331b1a54e25ad20f925416aee6826a1b4644fac7ad9949e1ce13f8a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
561eacb58606d3a42d14150506da4f9f

SHA1
6d07bd3bb7e833016c637d28bfabe3f2e4d28712

SHA256
f0bacfe6a3b9dcf65a0429338ebaa6907345df735be7872d9035fe8279bd6d26

SHA512
30bdb6b18fa072b479ca4d0e8fd4e301541f37598bf014846d927d67e0432a0c54b4a4c52d4e18bd7a3d25301247e85fdba0d8a55f005e37219b4a542c91476e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9d18a1a0d9761b4b199cbba9309759e

SHA1
482425ba65fcd4881cc4688d753d8ec08edeb63d

SHA256
d25e8bb54bfc66663d5dc46259697403b034f6330f736a42a43f2e89a2019609

SHA512
4376ae26e9e068050e01d5fb04471c3ad049f1538bad63186eaa1fd064895efe9ec7a5d6e01d181a3bcc1e7ff5781a1b9e0e0efc938bc71855b7b936a8d169dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
46895e36681c2049683d96df635d4a47

SHA1
a3a39b216b8d2a2304f3c7051c1ba0f23c36d0fd

SHA256
6828f5b52c76efc80b40b81028637fe0b1f88c0b40ee2f61cac2ab71db31bb95

SHA512
83bbdbf900a6bd3c29c643244109a7af6b4eca90bdebbd30393256fa0f9e2fecfa1f806d65971a9dfb618930ecac2faebf8e97573c337a4af5ba6ba969a42415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ad830369f533f750afece5be5af89f59

SHA1
eed846f5fed8a1f047df32e93758a0df1e32ca53

SHA256
5b6e1a97645fc67ef45e0dae9c726b70faae7dc5b4704f185546506d87ee6c52

SHA512
ee869bd072d9543735bc86dd4f8e7535cb14b8627da5a6e6d86eedb4106fc97d8bf3c30ae423208fce6f4a5747517f0c06372dc26ce39d00d8bd5f52dcd2ac64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b2a459f9c23f4eaefee8ecdf0ecc333d

SHA1
c487a1f886d31cefcf421819884612abac2a2145

SHA256
518f30dd75558613214ffa6d76cba2cec5db2dba93c4df8e81b297089ad3021b

SHA512
ab44c678234ad7678c4503958f8002846c0ad77665708fc77c0bb1ade57b1e6af5f89399684363b11622575f89c4aa12f0f9142ef3c966310c32bc3ce62cc3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5885e4.TMP

Filesize
536B

MD5
f2460406ffac816a66f884c4b2ec7396

SHA1
1a39ad169861d3e1d98c20fd7da4a0b99ed8897c

SHA256
6d7ff957d12e83cd5295bf7b64e92755fafe4d8d95118ca5f5b5afafccc6a792

SHA512
9f4fb17b3a140944b281e48296826599cc5df036574ce095bc054a15f4c59e8e94263a7a467877ad5c97d3b35b898811877e75fa852ff345063ce8354b96ce69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aee8a3f1920803035877e5f6eaa1a8eb

SHA1
1c7451a96b297df808a34b2960987e0d78e79d6f

SHA256
eae30cdb5e4127589eb80a9f821444178fcd7737234ea249c3a9f6b3dca34ddd

SHA512
a0441b684a131d676b358590a618ffae22406fda3323b5f276711974943cb4bfffaefa83ed3316dd3412f4aff62376a49a4034e8dcb567ed7ac4600c54ec7cbc

Download Submit