8199097c714b74645ad60419dfad56aed7a70760b52edf11e72ec1d6e8cb490d

Resubmissions

06/08/2024, 03:50

240806-edyjhayelr 3

06/08/2024, 03:47

240806-eccweaydrq 3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

1KB
MD5

ea5e0cb85fee80b763f1f21d49c7239e
SHA1

c92437083e2e011b812f6894e3ecb88e4cd08b61
SHA256

8199097c714b74645ad60419dfad56aed7a70760b52edf11e72ec1d6e8cb490d
SHA512

01bafca47051f1d447930b517a17ab878dd8c981b46d92a837c9c15c001aa28d018311ce741a27537b99480523821f5ace109c647ea7bd9d51fe937856c9036b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{EFF12422-595C-4F8E-AFF9-4DF99B49D7AF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
4100	msedge.exe
4100	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
1616	msedge.exe
1616	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 2932	4100	msedge.exe	84
PID 4100 wrote to memory of 2932	4100	msedge.exe	84
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 4532	4100	msedge.exe	85
PID 4100 wrote to memory of 3936	4100	msedge.exe	86
PID 4100 wrote to memory of 3936	4100	msedge.exe	86
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87
PID 4100 wrote to memory of 2764	4100	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e0c46f8,0x7ff90e0c4708,0x7ff90e0c4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6517293801652915361,2806487589081910222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4a4
1⤵
PID:2092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
94KB

MD5
b6854e3a6731bd0909459b18a7a08d9a

SHA1
cf7b7942dba7026efec19469fb4dbb8d8777a498

SHA256
71f47749ba7bf442d337e4448d2e6b3f4de1e6f669d8c49180e3c3e1b858a8a1

SHA512
3576777dd9606bf3b756c56a4baefe23c2666aa7ed2c53e36d6fb20163c00fb7d9490ccc2354811389ff2a664306d95ed9a2166a5f44a0a879a1106427c72210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6c0b79ff37ce3ad203f1394da21363f4

SHA1
5e1dece2aa1321c3b4903ef77a01d5c9167b68fc

SHA256
bc8cd5e6bf28fab93d6cd5bfed594df48bcca97777fe584b6c0f07a44d0c0b5c

SHA512
4554c49b74934d238574e01c7baaafeee94214e451833b84781224d2df81d81535ead403b13771d3f47432c80490e98724b12147447cf14e4459fa78dee9262f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
48dd1561cf3756a5fe1e23c05ad6362d

SHA1
de2101082e700997aec3933be1bcff25e9f52625

SHA256
2d70aaa24491be9572dfdf081687be45a699958464d426c0d6612948839aec4f

SHA512
3a80899ebb284976e49ff5be507034612d4624aa10676513613c126660aaf4ef94b4d69afb7907ff73a22facde296d81bb4ea3740948931841fb4e199b697555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
25b786c7c2f15e8294f2fa9eafa70e9b

SHA1
3c1e27ce5baee9d3f679e099e678eb36fce4eb2a

SHA256
ac50d40335860ab92c909e44cdc383b2f81134bae39eb01f4df6f2c105c9cc3d

SHA512
e73f4b5376a0bbe5ce5359b5377c28abe35f2e656ec129a5ac9dea7744f766d44d6910a33d501649b07e73796e07fab4f967aae9f4a0c996bda8c3941ac16208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
02d1f599901fdf6e92eaafa5e58eb0ae

SHA1
bb3d9a3b9e2f4a179767e8ec6d2882e2867a5132

SHA256
75cc6c0d2aeadfeb438983624a031e706cd8981aa043230befc84fa45a6b15bb

SHA512
6e337e7a1c834ee8d8a1697e1592c636def707bf1b335284463dbf388c180814de315576d8fbbad2b21ed271543ca481de3d47389d6044fc7b84dcbad9b0b9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f9189b576c4015a5189b401c4332cc5e

SHA1
716d0d4fb8c7a7fbaba42c3fca53d8c181ee51bb

SHA256
30d7b9f5465859c1bc45a607597544ddcfa3b295f3127efee5e1d9972b4ef5b8

SHA512
6c58c7853a1e20c032bfb1875f622918dd21fae76839cdf1722b789f0e0fd5dc776fddc34bdf426b3ab511368506901c05f33e1917208960381efbf1f8732fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1062e2083cc29a710c619ee232cb5c27

SHA1
7b31ac0389c99be77616d3c64af6d75e234f6879

SHA256
3e0dbb13504210443172013d5c6cc9827ffeb0539022b935088226c37babdd96

SHA512
31cdaba429d3f369d07d6ee5271b25b05e8c8c8332df4fcbb53b6aff2b8538eee8eff26d28a673a6353d0932e2bd987040890b6a0e7a1976319187c811f05d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19f8200ed40c44eb754c52ad0cd6634b

SHA1
c7da1f3ebb9c4b155857a6134f8272fd562bdcd8

SHA256
1f0d2b7788d9562006156f20d9448b42ca7b7ad8c3244746b22fcbe64081a644

SHA512
63f38ce6a5ff07504e0a105f6ee1027bc4a1c93717ed42af781ced0ecd99972fcf5765380482097e18aae4a8dd3672b4ab71061fdd75a7ef42da2faf596537e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48bca237bcd19326bfc575057f6ecf7a

SHA1
b2a8f0ba4a43e0dca7ed9873c7ca59cc49495cc7

SHA256
a197bc522ef4dcaf28d0e34637c72003fca5e68d00b6904ff2fbf0561f4604d6

SHA512
59e2fb93edb6ea3066edfc9e8e8e436966692671607f35d1b687085247806f6d0857b991df15e97cacfc0aa67d2149f9e0bbf09da7b7e6884268f5d1c501f0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73c73912062252c94c8d071569590330

SHA1
6d03a0e14e9e281d88457f3dcaf6a95f921d6fad

SHA256
bf5c5bb9627b5dfd8d04d7b3759183c12f5b89f13997684a0e4b1985327c3f55

SHA512
687c7de92532257183b7df596bdab6ec2f37bd192c6f5d64b354dcce07060c387fd6b73231550aa7ddaafa23299560e0a27a7e8970e28435314eef9580752e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ee8de8d376a06ea6e5e99ec1c65af687

SHA1
ef6a7feca9ca100da20917252b8806d190a54181

SHA256
a03940789e378ed53dc4a3720447d198519f9ca079b11ab646fc7468af7e9c68

SHA512
a52cda186f437579137185f5a1d2ddc3e68bdb9784ed2b1688d6146a452fa02c085ac7acd9e7c4004d36f160ded3f499daa787fe431bd6d88dd25e45d46bec9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dae62eacfed89a1681d93ede4d30d74

SHA1
4c31104ffd0f038bc97a7987f1e5fb85526ee62e

SHA256
5f6138d180e05e5aa5aac0bcd3dfdd1cdbb5058389bfd2c5bf42afc0984adb53

SHA512
4b40fe15f9074b77068cf54b48c9c0abac3005d4b52865de638403779c55e2f63798fd7051c80c897dc518d9225ac7df74e9518580ba285ec2caec6552cbf54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
141f4067b3b65f6ead7e262121addfef

SHA1
c11de2a08a7a5014d855d35da4707c9cf45151ef

SHA256
75e8c6f6293d941f051b570f4cb9b7eddb3b054c189c4205615f3578e50125ba

SHA512
ad3a5f529d5b47b8387a4615e1385948046685042ea8eea374c3c32b0705ba0c12a47f3ef348ca06145c7cb3834bb86acb5d1b7994369b0b224b07407f475a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a95ef2b1a46c7a62230794b1c33ece86

SHA1
4b0472fe9d84e4cdf245b7f6f1e91d1528ee3f05

SHA256
e75bce4c63fda0d824f8163d051cf842156b1750ecf310adb9c8725e9bb01491

SHA512
137d530b715b43e06920f89146846577b24604026b09e60035ae96cfa5370ea2d15859e62d754f812a9e4973d607d17e083db975bee78788c7fd674e1033be95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e3db5d6f1b0d9009e2d0c193e8d1751

SHA1
8c442e103645fe19e34539d63c66511b5e173606

SHA256
106c0e66c8ffbd7c723a51d6719e4ad62247fea674a31be4df015e64cbfdfd8a

SHA512
6bac9dee2bef30f514efed7d64070fbf4d151cb9f62c92ef1855f8af49cc0f429303594ab83d289f2c7e8c198ea1990017feba2ddccde8950f5523ac853eb8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10cbba4a1974318802f9a7a31f38ba32

SHA1
e57b9237e8d5bfd7d1d4548581625de90e597b68

SHA256
06748d4ac3b40916e86ea6a7e2922f487de64cc96bdefd961d1fb163a49a4220

SHA512
30b330e99e1e61ba6ce028a25a0d368fdaac9381a4589580b455894a54930164e9d611be938eaebf4c66d6d5548af4b29c70a0cc31be0ff3344e926f3d78ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36373c5bb0b6a20c5ff2dff46a181581

SHA1
0b8cd03685c57f9a2c551fda57d88f1cf4872729

SHA256
8759da43ea6f8b936911aab098aa99e0d576cff3e9187b6a0747dcce06978ba7

SHA512
9568cc2595e29d82e33d9ca44ca7a27bda2ac1324897d883c701c26c3bcfe10eb500fb654dd8a4a22201a6fc17b68fc2f69861a338e5f1bde5842e7b097d3fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35829a2effe9dee842ed30f6c27b1969

SHA1
4c86619d925e8f6fc17debcaea9c972ac216be7b

SHA256
44d497a0eded1c4fd71402800961dc21bd7da45deacd68c933dabbf532919d73

SHA512
0c2b20e2b54f9a28cc1ce91b70610759d6025ab9b36c5a699a3efbc529b7d9bd43ef42a78ad20b3ff1dd7daf61ae79173a42a8f4471aa86ef272a3fcf8f4a866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09141d5de72cf320215bf612a951ed72

SHA1
a07c11d99a6ec143967fed77b7c4ae193902a042

SHA256
f08f1458a285df89e8632e471ce7377b18a2a9064a1e41b367589565789e3f18

SHA512
4657f583c35a96acfcec212d7481bc172a449d9970f93ca14b1222d18a850d225503a73a5b72d819a1a877efc8676f1dbb1c8a8652aa56a646fc9c969b7ca1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582016.TMP

Filesize
1KB

MD5
a64ab7bb2c28b0d0e33431e8e7c3efda

SHA1
34407e388ebfb20bbd0da28573853e5f467c445e

SHA256
53d0343323ca2fda622bead697f44b2dcd805673356c28992dbd7c2e5dd0e260

SHA512
1283ebd6a17a134fc8b056c354b7fb27acf015c4be2a86b8f73778d6c02d4bba852fe1c153bcb6d79c60371da94dc0d499bed7f48c0f776b36cd9c25b3d3df15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea4f7173f01976a47b730ce1ab0e6968

SHA1
450b52848a19ba6081cf4343df9864c69640d061

SHA256
588e34359a56d7474ed46763a974d944bbba9fe7b5bcd67994f6b6fc978bad59

SHA512
853e19f21119dc56ffbe87fd255d48dcced94694a10050d20f762d9b8a708a3b34f480bbc1a2f5deb9499acad00ac0a6e39b807f482e1b3f15fae5ddda0ea367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd0e39023ac10d7453d7e46ef48be78b

SHA1
72adf4551a7a07a14bb9b203755a57771a2c685d

SHA256
7c81af00b4ef8a34b92acaa58d6f73d24f78e15be13deaf3e40373b1249548e3

SHA512
cc5af16e990c01de4d3ac83ad187050cd49388d5571d0b74db187c42169d3fec23b3d6a72b5b3b2176e9a0438f19479621deb57a172b749e7104152107d01e3e

Download Submit
C:\Users\Admin\Downloads\08ec2bbf9b90c71fcfb135214e597399d489cd623d5c71c9665278ad30a0a6a7.zip

Filesize
8.4MB

MD5
89ab41793c166f5068cae791f7ccad85

SHA1
748397b07a188db4829c79d73a95dae46899ddb7

SHA256
0a823f2cd482efc66d8a99206797f1502ddb1eaa3796c4f32f5bc6be9a000357

SHA512
2a7a8e0475910de9b914c0ff56f2b5d5c88fc64c887379332087a30986f4d2fcdda32a638a4b89ce43474cdf58bd5fbde710aa5e83ac95d5cbe6ab8380a11f77

Download Submit