Analysis

max time kernel: 147s
max time network: 153s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03/08/2024, 03:52

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240802-en

General

Target: http://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (8 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{580B9078-C5C3-4608-B797-2A9060C68775} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe

Suspicious behavior: EnumeratesProcesses (15 IoCs)
pid | Process | hits
4740 | msedge.exe | 2
3472 | msedge.exe | 2
4392 | identity_helper.exe | 2
2372 | msedge.exe | 2
2076 | msedge.exe | 2
1288 | msedge.exe | 1
1736 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
pid | Process | hits
3472 | msedge.exe | 18

Suspicious use of FindShellTrayWindow (33 IoCs)
pid | Process | hits
3472 | msedge.exe | 33

Suspicious use of SendNotifyMessage (16 IoCs)
pid | Process | hits
3472 | msedge.exe | 16

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | hits
PID 3472 wrote to memory of 4900 | 3472 | msedge.exe | 80 | 2
PID 3472 wrote to memory of 2176 | 3472 | msedge.exe | 82 | 40
PID 3472 wrote to memory of 4740 | 3472 | msedge.exe | 83 | 2
PID 3472 wrote to memory of 424 | 3472 | msedge.exe | 84 | 20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 3472:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb40233cb8,0x7ffb40233cc8,0x7ffb40233cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 4392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4252)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3384 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1288)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5132 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4044 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1432)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1948)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4680)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
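Reading the signatures above against the process tree: every "Suspicious use of WriteProcessMemory" hit is the browser process (3472) writing into a helper it spawned itself (4900, 2176, 4740, 424), which is how Chromium bootstraps child processes; the AppContainer mapping it creates is named "Chrome Sandbox" with a cr.sb.* moniker, i.e. the browser's own sandbox profile; NtCreateUserProcessBlockNonMicrosoftBinary records children being created with the process-creation mitigation that refuses to load non-Microsoft-signed DLLs, a hardening measure Chromium applies to its sandboxed children; and the BIOS SystemManufacturer/SystemProductName reads are the kind of lookup that trips "system info" heuristics in benign software as well as in VM-aware malware. The one child worth a second look is the second gpu-process (1736), relaunched with --disable-gpu-sandbox and --use-gl=disabled. The script below is an added example, not tria.ge code and not part of this report: it encodes those checks so a report like this one can be triaged mechanically. The record layout, the helper names and the abridged command lines (long switches such as --gpu-preferences dropped, only one renderer kept) are this example's own constructions, taken from the process list above.

```python
"""Added example: triage a Chromium-style process tree from a sandbox report.

Not tria.ge code. The Proc record layout is this script's own assumption; the
sample records are abridged from the report's process list. The checks encode
the Chromium multi-process model: memory writes from the browser into children
it spawned are expected, child images must live under the Edge install
directory, and any child with a disabled or weakened sandbox is reported.
"""
import re
from dataclasses import dataclass
from typing import Optional

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"
FT = "--field-trial-handle=1964,12597083399701561249,10390113324824340348,131072"


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: Optional[int]  # None for a tree root
    image: str
    cmdline: str


# Constructed from the process list above (abridged: representative subset only).
PROCESSES = [
    Proc(3472, None, EDGE, f'"{EDGE}" --single-argument http://google.com'),
    Proc(4900, 3472, EDGE, f'"{EDGE}" --type=crashpad-handler "--annotation=prod=Microsoft Edge" /prefetch:7'),
    Proc(2176, 3472, EDGE, f'"{EDGE}" --type=gpu-process {FT} --mojo-platform-channel-handle=1980 /prefetch:2'),
    Proc(4740, 3472, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService {FT} '
                           '--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3'),
    Proc(424, 3472, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService {FT} '
                          '--lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8'),
    Proc(4404, 3472, EDGE, f'"{EDGE}" --type=renderer {FT} --lang=en-US --renderer-client-id=6 '
                           '--no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1'),
    Proc(4392, 3472, HELPER, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService '
                             f'{FT} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8'),
    Proc(1736, 3472, EDGE, f'"{EDGE}" --type=gpu-process {FT} --disable-gpu-sandbox --use-gl=disabled '
                           '--mojo-platform-channel-handle=4044 /prefetch:2'),
    Proc(1432, None, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# (writer pid, target pid, hits) from the WriteProcessMemory signature above.
WPM_EVENTS = [(3472, 4900, 2), (3472, 2176, 40), (3472, 4740, 2), (3472, 424, 20)]

# Switches that turn a Chromium child sandbox off; always worth a second look.
SANDBOX_WEAKENING_FLAGS = ("--no-sandbox", "--disable-gpu-sandbox")


def _opt(cmdline: str, name: str) -> Optional[str]:
    """Value of a whitespace-delimited --name=value switch, or None if absent."""
    m = re.search(rf"(?:^|\s)--{re.escape(name)}=(\S+)", cmdline)
    return m.group(1) if m else None


def parse_role(cmdline: str) -> dict:
    """Classify a Chromium command line: process role, service sub-type, sandbox."""
    tokens = cmdline.split()
    role = _opt(cmdline, "type") or "browser"      # no --type means the browser process
    sandbox = _opt(cmdline, "service-sandbox-type")  # utilities declare theirs explicitly
    if role == "renderer":
        sandbox = "renderer"
    elif role == "gpu-process":
        sandbox = "gpu"
    weakening = [f for f in SANDBOX_WEAKENING_FLAGS if f in tokens]
    if "--no-sandbox" in tokens or (role == "gpu-process" and "--disable-gpu-sandbox" in tokens):
        sandbox = "none"
    return {"role": role, "sub_type": _opt(cmdline, "utility-sub-type"),
            "sandbox": sandbox, "weakening_flags": weakening}


def triage(processes, wpm_events) -> dict:
    """Explain each IoC against the browser's own process model; return what remains."""
    by_pid = {p.pid: p for p in processes}
    browsers = {p.pid for p in processes
                if p.parent is None and p.image.lower().endswith("msedge.exe")}
    children = {p.pid for p in processes if p.parent in browsers}
    edge_dir = "\\microsoft\\edge\\application\\"
    findings = {"unexplained_wpm": [], "unsandboxed_children": [],
                "weakened_sandbox": [], "foreign_child_images": []}
    for writer, target, hits in wpm_events:
        # The browser writing into a child it just spawned is child bootstrap;
        # a write by anyone else, or into a process it did not spawn, is a finding.
        if writer not in browsers or target not in children:
            findings["unexplained_wpm"].append((writer, target, hits))
    for pid in sorted(children):
        proc = by_pid[pid]
        info = parse_role(proc.cmdline)
        if info["sandbox"] == "none":
            findings["unsandboxed_children"].append((pid, info["role"], info["sub_type"]))
        if info["weakening_flags"]:
            findings["weakened_sandbox"].append((pid, info["weakening_flags"]))
        if edge_dir not in proc.image.lower():
            findings["foreign_child_images"].append((pid, proc.image))
    return findings


if __name__ == "__main__":
    for key, rows in triage(PROCESSES, WPM_EVENTS).items():
        print(f"{key}: {rows or 'nothing to report'}")
```

Run against the records above, the only findings are the three children that declare no sandbox (the network service, the UtilWin-style identity helper and the relaunched gpu-process) and the --disable-gpu-sandbox switch on PID 1736; no memory write lands outside the browser's own children and no child image comes from outside the Edge install directory. The unsandboxed-children list is the place to add a per-role allow-list once you have a baseline for the browser version in play.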
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: b4ae6009e2df12ce252d03722e8f4288
  SHA1: 44de96f65d69cbae416767040f887f68f8035928
  SHA256: 7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
  SHA512: bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1
- Filesize: 152B
  MD5: 4bf4b59c3deb1688a480f8e56aab059d
  SHA1: 612c83e7027b3bfb0e9d2c9efad43c5318e731bb
  SHA256: 867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
  SHA512: 2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f1dd1d4-ba39-448d-8047-575b121c9f63.tmp
  Filesize: 7KB
  MD5: 3087796fc1063209173586016a32652c
  SHA1: a84c1d040bb0d91f821b42d29feacd3aba2c9a58
  SHA256: 74dac711f9e0425dd2ad792f870f779b35e77e4d7bb9226475894018d5213082
  SHA512: a03aed51d25cb8820301f51e3d264da1825ad5ab6592e927ee0e5fa54da9fb80b832607f61f755f7785a7875664d49e14f7064f9ed4ec49d149a6cda700d84ce
- Filesize: 209KB
  MD5: 3e552d017d45f8fd93b94cfc86f842f2
  SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
  SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
  SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: b0c9f5d2a262dc5c04c85f8945f35a29
  SHA1: a97f0da2fdd775c19163a088e2b8689d2ff258cf
  SHA256: 1eebb8a50ed78da3805dd645ca5f06ceac02e0f4df12bfca7e9520bf11597419
  SHA512: 12cddb30a16ce4ae2bbb68e4e7b3a043908dbc3c5474c2ed0343f2d1684fe65cddcc49963e80a36fd35dfb170f545d6ea8efef0381a72ef885d915be727f01f9
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: b3b587a38f3271c282db074dd0e28a17
  SHA1: b9b2727dad0410e02ee042e82fb4a07243ee2d97
  SHA256: e455f2cd64047905571075fff5749b2c63c07556d8b391079a4e759af89ffa51
  SHA512: 1cc6e5b399733837935dae186dd4be4f5d9975902684a5bacd9beba28af64d2b4d6d96b278bc4571ef7a1d6714ba63626b0f690acfaa91e0d72aaa4b05f6d56d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 5e74b3d3b89f46b9acf74b11491c0776
  SHA1: d9b12532ac600f23ac6c8fdc1e4717e1d60756e5
  SHA256: dfa879fe56a63f8d8aab52d6fcf9f764f1d90b43fc8e608ea343a9e09ad264f8
  SHA512: ced707b21fcab8f9a5274e84bdc07b77110f8a8ea5ff68b677133e99c8eda6aeb33ebd369c5512658ae7ac621134ba31cddda86617c4e05bf5dbad7fcf4bd297
- Filesize: 3KB
  MD5: aaa5fdd86c398cb132f651d61854f2d5
  SHA1: db7304f87508b37da43525c7ef876abea0391d82
  SHA256: 8b9df3f25c469a5efb89199499efc5c2bfdea7d4815b2791665b53c63e81458b
  SHA512: e1f3ef98969c60a28a13ae382331dc5813e35c557c95964332a1d3a04173b3565b2d4dee9e7872381b0bbde52e6c891f17313b380c39a62c0f4df256ac4f94a4
- Filesize: 5KB
  MD5: d7adacaf4ee6d91c093e86ddccb0a19a
  SHA1: 256dca946c57715ad80c50f34972f720c73f858e
  SHA256: 329e9c3fadb565580cdfd9c4e4e43c9f7e8e63f71eff0f17eeba4f58a82e3d30
  SHA512: 207e48af73ac1b42ea5fe613ec6530431b25a6e2e7ed9559077e81e345fef7c5ef8727626526d032a5526cd3377f901e4667c819b106145c8513d0a659e0409a
- Filesize: 6KB
  MD5: ce2c09606e11abaa5f8dea783bc1eb51
  SHA1: 3abbd963a5ffdc6894d2de7f49560b447b7ae8d5
  SHA256: ccf38d595cf705c41f02879af07672e92e396f0c7febdf938e1be8ad545a19d8
  SHA512: c8efc6818985b6c3d46e1088cc2e67bc21b6e7c5da4c93b5f19470cf88d0f5b716e9890d2e0e1f19174ea537708ee99e752ae0f8ea0f0b5343c710e51ad3f9f0
- Filesize: 6KB
  MD5: 5fb04b55b70b0ba8deeb1231fd9cf59f
  SHA1: 1be939b872a03f377d94a1193abde896c2c53037
  SHA256: 437565e517ae32286f10a33b272723da6d49fe5fe2ec9aa3eb47c9e574e335da
  SHA512: 08912f6f87d515d7c09d78a04a2addb20b9de08b9e882bd60d08e5fa63d8d71595779dd6388bda0329deac9b2514e7b2902dd6c41ea0306f1fe69a5899eb3a53
- Filesize: 2KB
  MD5: 127fdb49cd9b79688a237ce4af2ebe8c
  SHA1: 1a5bda8dcd520a4ab464460811783ee09b1c553f
  SHA256: d1ce5f72ed4c11bc63671fc66dd75b6c8418b1087b2c5236d7c755bc0dbd4c7e
  SHA512: 54678ee1920f46cbe11ee08eebddcf66dd7104fc37f2c71faa12c530429667b99d05732fdbc5fe455c54c05a4e8a8b5b556db8c1a3d31f5036513a0efd0f9bd6
- Filesize: 2KB
  MD5: b547bf61ab0f1d31796a58b39d1ec1c2
  SHA1: 6bad47b0bab003168117777db1f5554ad13c556f
  SHA256: bb8e64fd709e506c61808ddf4615ef4b011770b444755305125dbd5314269238
  SHA512: 40f714d8600b020727e2511ff1e24f74fda7fb781f592c101abd0219045298ec0bdc16cb9ec6df18d1e32baad29db93c8e6e5605675ea68e336f44ebd7d69fa0
- Filesize: 2KB
  MD5: 0be5519be4cbffc404469c8d4edeb82b
  SHA1: 7f5c7e39ccabf9afd6aa86652975216628fb0d00
  SHA256: bf6f5aa32641f65964a9ed6b7be5556921a5a17222bade68829074f501ecf6b6
  SHA512: ad64214b72f430569d1b2c8610ffbc55a02024fdaacd89bab0fb5c29f4286d2e349ccc03b4eb541ea761f79783a60186f7c4ab5e7a9f149593c5e576a9c2c1f4
- Filesize: 2KB
  MD5: c53b07e9aaf2935ac228a238168cec23
  SHA1: 174ce972f6b3837cf62d2367011eb50b55ddae72
  SHA256: 207ee29db714adbf8ac4b7a5e2c47acf583bd40815e51d369325d1c6a03ce0b2
  SHA512: 98f52831ee418c8f6690d374970e64201b473c4624eb8a81c570cdc32e0e584f25ec1d68963fbf67a7a8cc481fa4aeac51e05d7c0bdaf52852935ee93e5832b4
- Filesize: 2KB
  MD5: 0df4d823151e1f14aeb42f69c497cfc4
  SHA1: df1aa1efca244b44119e3fa5f9e37adde66acec1
  SHA256: 52ab010fb0574233e816b38247a6263e220aab5f2f44aa3c74b539d52685cc62
  SHA512: b75d9c1926f810933fd126fc819c3e366dee40b5e5fcd82d842aed5834951510fba0cd5c40606a1a1bf672e28694bd92502bc03ecf1b4d0a7829ddca59b73491
- Filesize: 2KB
  MD5: 1b54bfa4bb4b95d79c9c8c400373290f
  SHA1: 263d5b3edc9fe71914bfa436855fd170c0e333f1
  SHA256: 720bba3be8181ff1cbb6ab0029f49207eb64590c59ee9615befa2b4527faf40d
  SHA512: 828e738ed8a1be9d157aa9bfc40a609eb9e20fe69d5ff2efa5cb465a3161a4a3e56f2886e605ad827f5eb78f35753a5fb261e7b70b9befbe66e5ad4dde936b3b
- Filesize: 538B
  MD5: 898d755ddad1d6f1afdfd34a2252ac8f
  SHA1: 89fea2074fa4c21bfff56e8e2bad0bdd21e9f095
  SHA256: 33922612ce88f70e104d669b3b457deba458067687a06dcaf85af78a79e1df62
  SHA512: f3a15d7bf3e2ffc0cbd1bd96fd0dea937e9285e9e5b06634021d8c78bb8e06d1657cde033f25118cd86a65773d5db38126575b3f1cc49cf08a39a1999fdf7428
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 39eb6dd213b74c7d2f33f1c952f120ad
  SHA1: da6ff08930d2e46ae4d5591eaa8a46d288b22c5b
  SHA256: e7286e85758a44b60cd8a98027d319d05d5c2fa4a8eead769e5031578e4216fd
  SHA512: 4e0a1f9af9c8ffd5f06c8439f8c300215c356dee0f179a16fb24ba795b8c29b603683110002236f1a3c0a23180fb52d4e5ee1b345fbf84c740537e259ff7d5f4