401a4331a93d10e54e8d64f2fa63a9e26c9c9752c63c948bffdfeb942401b120

Resubmissions

20/08/2024, 18:21

240820-wzcycswgpb 8

20/08/2024, 17:31

240820-v3tjvavbmc 3

Analysis

max time kernel
1013s
max time network
986s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-19 1.52.37 PM.png
Size

37KB
MD5

8e46f59d49b58086fe360fb013f5f898
SHA1

eda9261c2553f13e07dfbe13dcab8d6c13a8a3c9
SHA256

401a4331a93d10e54e8d64f2fa63a9e26c9c9752c63c948bffdfeb942401b120
SHA512

e6f6697312c1460a297b87cc47150f545704d374316654b901bff082c41e8c612e2cfec2e7ba30ce888ac66ed8601abf983bd35f6eb5aaf730367fd8e498fd45
SSDEEP

768:VkxvmHm0sutNBxCgNscF+qy9q8NcF2076YNAtPMrFrERGpeUfzP/dwX8Xusz:24m0PtNTCgNs8QBNLuNAP+FrE8EYzN0e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{A58EE4A0-89F3-49A9-8DA1-0E1F06499C65}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
4236	msedge.exe
4236	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
6016	msedge.exe
6016	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5760	msedge.exe
5760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4256	4236	msedge.exe	99
PID 4236 wrote to memory of 4256	4236	msedge.exe	99
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 4716	4236	msedge.exe	100
PID 4236 wrote to memory of 1180	4236	msedge.exe	101
PID 4236 wrote to memory of 1180	4236	msedge.exe	101
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102
PID 4236 wrote to memory of 2448	4236	msedge.exe	102

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-19 1.52.37 PM.png"
1⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffa38bc46f8,0x7ffa38bc4708,0x7ffa38bc4718
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,12660400003518049156,17597219679291299495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
1.4MB

MD5
f3e6d157049bd7cd4affa8fae501622c

SHA1
5279fc5bd5f3b26f1f452adaeb1b084f36fa375d

SHA256
ad348df47e35f2c265cb0b202cf1f98457a021cae9af2f002b1f666e0d8eee53

SHA512
d1db03caf54a2783c70f79d12e85b7dc62ab793114a92de8238e255afba5a325e1cad9cf46ed986b56367b37c715c21c2edc5fd6a5cc6064fc4f94001d211057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2878855c109851f143bfd7272948ca81

SHA1
e117fb933924093e6b32f99faaab56d5f6ae986f

SHA256
3acc9c10d8af33f494dfe4daa9f7cef53beaaacb59d48fe79e0bc0485b0fbc35

SHA512
7b3dc0988093e9753e220634b7057707a97f1bb6bd08d8fa7ce45851e92a08c520bacc03b742d2f04c6815a9aa82763f310f807e881ab852591e278a4f74e549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
626B

MD5
7c86e0046fbcf18faf978cbe72a03109

SHA1
08e37a4c7872e79789d34c7b13b3ca3d54b2affd

SHA256
7358b296a44d8725c485b43df20321231aaafdd0fb3003314cbeacf273504634

SHA512
fa9630066865c399b0ce5dbe16da4f79c90f3774420d85632f1d4ca11701e7b19a4ad7d177619127545426e0c0213e073a45f54c7a7375c8d0d05f3029f76cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ffd0478a09afe864c9df00678c29b499

SHA1
004782488b1b8f4f9dcd3390983e97fbe408b9dc

SHA256
346f2a95a0676b339857b2a18438e4ffc99de332855f5fd23d782362574f3506

SHA512
e515cdca9995af40f123eafa427f711835090d65bab8d1c0cbf7fa6fb7c585c908cf4175c8b43c48301bb22e8c114a2abb0919ea0b74fa3af4f5231f190f3282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b623bdb998edbf557fb7a9329d687bc3

SHA1
ba53f0458e68f735b87955035a8924d43e9860e4

SHA256
a39dd06045accec84022193052d1a8d936cf931df12c9ce9cea57b68a757c2ba

SHA512
ae6a0c9de271e84dec78522c23304dd587343cc5f8b1092071dca5a724380c0d20d1628b437bafff324a6af5677efca7489a5d0936c0e861a982cf4bb57e8b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9cb8e2f86ff993132b0e80a2c948df8

SHA1
c5734aab8b6ba63891f1ea43167d6999e2b07954

SHA256
07da4494f1e6ce4afbba33454613dcdf020fcaae78f7aae2ccb48a2f60c99048

SHA512
5b2926f98fedcfd89ed917d1fcd4b2292edffe34fa9269d96684e7cd8cc9db3cb0b2f44bfedd0eb428fd386eb7faa2c5dde7f5c1187035edb8524dacbede47af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cff5a6b77aa49f026cb79c9cb2bf28cc

SHA1
dcd15f11a3517bc39e23591bdf2a88347ce01b07

SHA256
d23b236d8a934b3da680dc3c712f0caa4dc7babdcdcf996374ff452a879e8834

SHA512
e07993eb0d022e93e4abc6d38cfa8a64c7d87299d297b871fcc286666f5ee5ebfa5a01f639fb5f102233d8f33c829c5c8df1d77ea70eb752c79a0b5e1974690b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d64ae6d2e642723668f5b3add742cdbf

SHA1
e43705d1fbe1d1818ea0a8bc65ef259a972694ce

SHA256
ab864c59fd5f6ba47b67425d2c5e4a8ecb44076913c3e0551845d580a66df1d2

SHA512
78718897026ceb5fa9dcce6b61363a4dd2f7c0cd005ca721dd065830202f63d2b2c37842edfed7e8c8992ca04c7d4bba62a0d9ce8a622e24c1fd57ccc0e4bc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b527f444a5541a5d9b3b86058f8d90d4

SHA1
beafbd48814acc165581cc1646e9135d4fef8a7e

SHA256
6b331c121332726fae7012b756a27515f74c3829702ff4dc50c7ba6f986848d8

SHA512
f24a6a752abd89221c98c28e7459bc1eaa53562f74f37418c0617128c000051697a940d75f4a2d264a173b74734e03ae3a39c17f1b56e37c1ca3c165ea6794dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dc036b5fe00023bebd3bed1233d209c6

SHA1
5e39601b05c8257c44a0d545285639b60673a005

SHA256
13c57b65515fd17c3d747a6ec5f7c8c3837569a37fd135f02d1cbd75a988171b

SHA512
5b70d56b1d60e99553a8df4b32e53744aa51ca3b684bc05398a8e5db1f6621bcde1aeafafb7615b9047ba8af338090d7afe9ea203a72f853903896ec9d48c457

Download Submit