Overview

overview

5

Static

static

5

file.exe

windows7-x64

3

file.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    896KB

  • MD5

    5baff56c17ffe349c8293964a80eb774

  • SHA1

    ab14d0ff1d61de3d163466066cf9130aede73bc8

  • SHA256

    1a6f8b5457888e87e77c46089a7592c5105ed7ecefaa9c12d3aef7f81de6bcc3

  • SHA512

    5e5b9d42186f150d8aed260081e5a596e7d5ef9a85f34c4e2995b078183b963cd7252ebb3bdb1586a28eed267bce97360efc40e1871a09ae25e0445365f67097

  • SSDEEP

    12288:aqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTy:aqDEvCTbMWu7rQYlBQcBiT6rprG8asy

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718
        3⤵
          PID:2056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
          3⤵
            PID:3412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
            3⤵
              PID:3952
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
              3⤵
                PID:3476
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                3⤵
                  PID:3980
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
                  3⤵
                    PID:1472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
                    3⤵
                      PID:4396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
                      3⤵
                        PID:4432
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
                        3⤵
                          PID:2768
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
                          3⤵
                            PID:3088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
                            3⤵
                              PID:4964
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
                              3⤵
                                PID:2588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
                                3⤵
                                  PID:872
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
                                  3⤵
                                    PID:4380
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
                                    3⤵
                                      PID:1408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                                      3⤵
                                        PID:3584
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                        3⤵
                                          PID:980
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                                          3⤵
                                            PID:2352
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
                                            3⤵
                                              PID:820
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                              3⤵
                                                PID:4812
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                                                3⤵
                                                  PID:4540
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                                  3⤵
                                                    PID:2080
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                                                    3⤵
                                                      PID:2916
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
                                                      3⤵
                                                        PID:2880
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                                        3⤵
                                                          PID:3928
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
                                                          3⤵
                                                            PID:1812
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
                                                            3⤵
                                                              PID:5240
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
                                                              3⤵
                                                                PID:5248
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                                                                3⤵
                                                                  PID:5388
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                                                  3⤵
                                                                    PID:5396
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
                                                                    3⤵
                                                                      PID:5536
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
                                                                      3⤵
                                                                        PID:5544
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
                                                                        3⤵
                                                                          PID:5552
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
                                                                          3⤵
                                                                            PID:5560
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
                                                                            3⤵
                                                                              PID:5568
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
                                                                              3⤵
                                                                                PID:5576
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
                                                                                3⤵
                                                                                  PID:5584
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
                                                                                  3⤵
                                                                                    PID:5592
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
                                                                                    3⤵
                                                                                      PID:892
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
                                                                                      3⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:5468
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13662944131734647941,1120868587271702902,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
                                                                                      3⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:4924
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:4992
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:2192

                                                                                    Network

                                                                                    MITRE ATT&CK Enterprise v15

                                                                                    Replay Monitor

                                                                                    Loading Replay Monitor...

                                                                                    Downloads

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\0709281f-e485-4e33-ad53-85dddd5b791b.tmp
                                                                                      Filesize

                                                                                      9KB

                                                                                      MD5

                                                                                      921dad530eaef83fced55fdfb30f3831

                                                                                      SHA1

                                                                                      27546e55932cbbd6c0fd2cdad95c04916d6b5481

                                                                                      SHA256

                                                                                      9d7cb6de064f19c63cc12a264458f1ab7788c0c5844830b3e14ef1627d056c96

                                                                                      SHA512

                                                                                      32b072b1f9fbb7e6030a1c2bdb8a8c718435bc1e439fb6a559f201f58e8b568d192f5d463552715b3e29b90a24a5aa4992aa750852c00d718d464fd228e4ed00

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      99be9bdcb716749775096e53627c82b2

                                                                                      SHA1

                                                                                      e58a0f70a214207211fe2acfc5daac73e8234adb

                                                                                      SHA256

                                                                                      9b80b015d48922f5c86390768d96764a3dea24455ab00d11d6d99cb8d10e562c

                                                                                      SHA512

                                                                                      81bf89db07c9adb7b0b6ff44bed37e8a00bdbda0195eddc054a7de5d4083b1b90ed3313ddc4746cd93234b4706a3af2e753750f46bcb2d18221ef336c8e89de3

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      07626f7dbe20f77a545d6be2dd297d6c

                                                                                      SHA1

                                                                                      413286ec49e6599816d19f6b190b66933a020025

                                                                                      SHA256

                                                                                      5f0449ff432cddedf0a60ac36a9dbf59a9f81ac57a68e4dbf0d9ccbceebaf9e9

                                                                                      SHA512

                                                                                      bf740b4d92186de6e7c197f57d7e60e09b50b218e04240d0d0dc02d6b1dc34b65a125cb6128a62aecb6b589be675f1871daa5f234198115e1b4d5bd5f87e6f19

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      18846437054b5c124f96f4df699d2a4c

                                                                                      SHA1

                                                                                      c1e3f36e18adb55591420e385e9cfc9b6491138e

                                                                                      SHA256

                                                                                      f8c1293e56f2883767a546bb7eeadd952af8ed4c1f87ef7f8b99ced364b4256e

                                                                                      SHA512

                                                                                      89761cb7c1d6bf5976a3487435b804f81bdf4df43de4330680208372d22ffbda085cc896e1601ffe6fa028603cb02e7bdfbcb80f294189dafc469a2568b08e70

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
                                                                                      Filesize

                                                                                      20B

                                                                                      MD5

                                                                                      9e4e94633b73f4a7680240a0ffd6cd2c

                                                                                      SHA1

                                                                                      e68e02453ce22736169a56fdb59043d33668368f

                                                                                      SHA256

                                                                                      41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                                      SHA512

                                                                                      193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\2070a260-d157-4eee-afa0-5edd54265495.tmp
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      b493530558c1186d8488439c5de57c3a

                                                                                      SHA1

                                                                                      b924de831e50dc36532bb397efd24b89fc2c6fa8

                                                                                      SHA256

                                                                                      6ac3380c438a3f26b99c300c530b9d182068161214676ce65ac306cf637e0ba2

                                                                                      SHA512

                                                                                      ec97eec8de65b5b96c3421be3016764f06acadfc79f391df2252385caf129ff689c6490a53d864c87630a4a38024fcfc292e5c658e9ce2fb76a20c0ff441af24

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT
                                                                                      Filesize

                                                                                      16B

                                                                                      MD5

                                                                                      46295cac801e5d4857d09837238a6394

                                                                                      SHA1

                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                      SHA256

                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                      SHA512

                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
                                                                                      Filesize

                                                                                      41B

                                                                                      MD5

                                                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                      SHA1

                                                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                      SHA256

                                                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                      SHA512

                                                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      68c694c5c3e3ae03f3fa7e7742c7946c

                                                                                      SHA1

                                                                                      78badd9522291ebe8f27e51972546773b2b19d5a

                                                                                      SHA256

                                                                                      d831cbbf62b9e8f8c8bffd1ed47b1963293c07455e5bcd5cc7a07134f25a0928

                                                                                      SHA512

                                                                                      1c9af2e031d1b8ca9f58cfd3827fa2b0672ac2018b732fdaae8a29f5ee2b5a85ce5543eb9310104beaed70e9ea652554513b5b0070210288c80d88d30649d8fd

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      52caf8821b6f3a860e3dab4aee042070

                                                                                      SHA1

                                                                                      cc7d3cfae78fc67519042084a146ee4df1a34f73

                                                                                      SHA256

                                                                                      83fa9c02ab14226ea48c7e771a9abc52272e318f853469c59327d197cd05a5ef

                                                                                      SHA512

                                                                                      0bc6d11acf6721f0e25d3e739acc121f479a654efd2b70ca90443eacede366456524a69cd7c08c2528ef4ddbdbee8295f77eb5d9b011729468020c22b1886f5c

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      41f13c2a9b126437ead7a2917989e7f6

                                                                                      SHA1

                                                                                      d61fd97e035baf87a5ce40d75bdf5d9663043c99

                                                                                      SHA256

                                                                                      25e83e760e7d7918c145429e43b08b02924c8c873d960d20e4f4bfe719eec700

                                                                                      SHA512

                                                                                      ac6760752fee72b537d1f3fd34e6e303a4daf803bcca5dcbfb6039fff2df889629c6bf928bd2306b2dc6fcbd30addf5278703ba2f757eec1f555b0efed7912d1

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
                                                                                      Filesize

                                                                                      24KB

                                                                                      MD5

                                                                                      0209fecd4c35206af5df83db5ae96824

                                                                                      SHA1

                                                                                      57ca1015ed93df0c043d2a864530af7a0bd34397

                                                                                      SHA256

                                                                                      d574a052d3634fdd71e946e7a90d1823d503b33de2415626178571f9054fcc0d

                                                                                      SHA512

                                                                                      f628851fc0f0b6776afd102e58f5f2a9480177300f9faf143b51e45a8e0f71343a9a95e6b807140bf3b564a1d47d84f2812173f9f0149aa3c368951544e14565

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57b277.TMP
                                                                                      Filesize

                                                                                      24KB

                                                                                      MD5

                                                                                      34b9e44555310306f147dababb997d09

                                                                                      SHA1

                                                                                      83a1b4cf0af80b915df1d9a3f074d0d6f2ed7e56

                                                                                      SHA256

                                                                                      da8963331467c0e3b35fca605e5641330037c0434361454ecb03fc3049b48d14

                                                                                      SHA512

                                                                                      cb5d66917d8e78b3729d5784ef8993b4f2960b5db5ca3ccd567d7189248cccdc972ff83242e64d53f9320b49d46cd3fb914d1b32e860305a54a5985d3976f263

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                                                      SHA1

                                                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                      SHA256

                                                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                      SHA512

                                                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
                                                                                      Filesize

                                                                                      264KB

                                                                                      MD5

                                                                                      f50f89a0a91564d0b8a211f8921aa7de

                                                                                      SHA1

                                                                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                      SHA256

                                                                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                      SHA512

                                                                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      0962291d6d367570bee5454721c17e11

                                                                                      SHA1

                                                                                      59d10a893ef321a706a9255176761366115bedcb

                                                                                      SHA256

                                                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                      SHA512

                                                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      41876349cb12d6db992f1309f22df3f0

                                                                                      SHA1

                                                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                      SHA256

                                                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                      SHA512

                                                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                      Filesize

                                                                                      16B

                                                                                      MD5

                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                      SHA1

                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                      SHA256

                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                      SHA512

                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O5LCL5QXB878TFFLEIR6.temp
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      47ec1d404d08d714975c9640420e6d9a

                                                                                      SHA1

                                                                                      3b94de0088220dd0270fdb577fad3cd275182e38

                                                                                      SHA256

                                                                                      c6fb327fe3b22f069e36ae44a60dd7b6c1f20053a1ed5d571833baffe9f3a0de

                                                                                      SHA512

                                                                                      5ad68497cf2a35cf7d6b5f6b61ce80e459e55d813502494edc3db49ce75e835051ee98f67becd223cf7cf4f01e1402c7d72356cf4b36005d291032069a5651d0

                                                                                      Download Submit