1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
Size

896KB
MD5

dc12b6f6672fb5207663bdc61e10f8aa
SHA1

d5c078b706871bc9ad4a7fbb1557ada47c818b95
SHA256

1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925
SHA512

23891bded905aabad807d5c9c55fbe26cf5e1c9bc6adfec9f269a837d621366591c58dd4dbe9396bc63b19565ed34499765b2ca743932d7041eb2fef79fa8390
SSDEEP

12288:iqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTO:iqDEvCTbMWu7rQYlBQcBiT6rprG8asO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
4880	msedge.exe
4880	msedge.exe
2188	identity_helper.exe
2188	identity_helper.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
4880	msedge.exe
4880	msedge.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
4880	msedge.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4880	2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe	84
PID 2740 wrote to memory of 4880	2740	1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe	84
PID 4880 wrote to memory of 3276	4880	msedge.exe	85
PID 4880 wrote to memory of 3276	4880	msedge.exe	85
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 2868	4880	msedge.exe	86
PID 4880 wrote to memory of 348	4880	msedge.exe	87
PID 4880 wrote to memory of 348	4880	msedge.exe	87
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88
PID 4880 wrote to memory of 232	4880	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe
"C:\Users\Admin\AppData\Local\Temp\1ab5b718a73e9f1b5025ab9b1ce5cee5bb3d5773777f3cf65ba0ef824cfe0925.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0x108,0xd8,0x7ffe7afd46f8,0x7ffe7afd4708,0x7ffe7afd4718
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
    3⤵
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
    3⤵
    PID:3764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:2632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:2492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
    3⤵
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
    3⤵
    PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
    3⤵
    PID:5140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
    3⤵
    PID:5496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
    3⤵
    PID:5600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14188375518162844603,6836091290809092914,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7408 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
d4b6aaf3c3b10312aa4333bda1071a8d

SHA1
e08d9d0a52b494fb3d38607d221e14cdcb9c4f90

SHA256
5cf890aae7e53d1d5cad9ad1ae9b678c6b9cb8cf763afffc53249d2fe48de648

SHA512
5af45bcea2cc2e97259af6eca896521c82ea0165c84533ed7574b9cedd5b02c9c14d2594db3a7ea07c09f9884d8baba95cbb4c329dcd518caea4e8bdd6bedec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
4b173060407e2b36b8ff552392f5065f

SHA1
0ec56fafe770ea860f6a27b9a11e4338a7cfbecb

SHA256
1c95d6d2de9d71e5b387f9744fa95fee583ba60c53c06cdcd0501dc1a0d2906d

SHA512
24df1e85e8c5d0077cadcb4fd407c627d7c5d107f6124042dbd8f231f2ca14b2ab9c2b4c145c13aaf6899f1e0e831b290c7e9bebf180eccafeb01d9c1949130b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
7536a7b5d1a27cacaf6160fa843ef7f7

SHA1
1f399e908faa74b921a7f20437c0c616be9fb393

SHA256
3832b9451f7e53e43102c8c8b5414dce6904ae34a9653265a16ef6b434836ea2

SHA512
ec9d87b5fb22be666a836a3576fc721158878c040974ad67c841e2e3573cf1d0edc2792bece36b364f76997edff5858bcea6aee5dfd6e2ed303424367b9f5b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
c3309421d175dfc78c3c30d44e9c59b6

SHA1
0e25eab4147cfea680b8316555a4ec49b56e1302

SHA256
41fa4c935df231d8a2d55110ab62be012a3d0795074b3e3afe14041d7fb8f69e

SHA512
02d18c764b0288ce69739538b6f5078d46c409705d707716b203b0803670c367171c173fbe2ef05a9594d3af46aae69a96d76fdc8cbe57a0a71d82afcd48dc2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
32511b98303b1f8d1386fa3c7f2613c2

SHA1
c7e94eb973789d5f90401adfa871e536d49a6f03

SHA256
337f1f556601e3536a1dc8e6a2b8a38a73323ea233ef291f2bcc80376096c998

SHA512
3ca6825e5b899df5d6233a7bcf740a58cd91cc754ebe852f199e11db170ff9a4e251afa67201ac68206fa85c6637531cd732daed281af5728556b21542e82b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
d95bcc8eab649c076e0d4ffdef2560c4

SHA1
4b797813a4bd18f2128d7fbaa68e488f3918a8ec

SHA256
1956861a4b263c5d3587f27451c4e179697fbe9c1d3f6286507b1c414cbed41d

SHA512
a24bac365626877b185a4d6a6bdf3651e045f52f29dfe8a2fa7f4dd214006c39ad88eb0ec4b7bc19d42111d58f92520a919c38a404e4e19e7f2dcb0b3b0e1382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
b09c55c60b428ced58ba7690ae8f3dff

SHA1
95c2fb065f78c0df106cc534456fc26f782e877d

SHA256
87aa6d4ae5323484d081be19d258db1e3bfd1aa3e8d77ce85b9cdce58ef369bc

SHA512
e68392e42cd8d1359b1a3aa5f03bb9b544c265ac656e88a14f46c14d7312b809e892e309d0f88d685a7d21e5065fe0eab5551f132e9a05e082b411db346d0272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57c9e7.TMP

Filesize
4KB

MD5
0efd3d6970270ad9a60b16973edf1d2e

SHA1
df74fe3fdeaa0bf2faa6035d1bdae30f717963fe

SHA256
e0be4ee3de2f2f3b73e9f989476dba91fb50e05e5c5bcf12e0c0888f6aabea79

SHA512
b33143fdad60d8f8ca31e3877d337aa7e1c04aedc7ba82ec5a7667dde11f0aed34e8b655cf202d86c182d876cc13aabe185df37351a5710f72cc4b82ae20d816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
162613a2e509f94f10e438609fed7035

SHA1
07cb4befe6918dfa6e2fd28b6c06fd2e3f1ece0a

SHA256
f72427fa6e9b52af8255c6d2d8ac0407e9f42d5af1a84ef82f7f6c432673c01d

SHA512
a8c3641eff054c1e0969a6c9082ad00cb55b3a9a01f55acb41f965b84d545aec6ee66937aa0527e8ae9cf3868b221541a03ec57cb142f8d009c6d65d9e4bd87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57f378.TMP

Filesize
24KB

MD5
40d4e8d30095818daed018daf7241c7e

SHA1
4136eeb4d2e3106aeee6c7424f92f2215eb41407

SHA256
0210ea2fd32ef63335f8a866e84f7f6b0361d919cecbb75955447b989508e23b

SHA512
8868884967b8129a91604851bd5af43aada6ef941d6b899c80cd3a509bde55cc38285ddfde5c9b24fd00c04401345d787b46f325602284521ef486f4d0d8dd20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\d15c4364-2117-4fc5-9d20-6be2d8e0e418.tmp

Filesize
9KB

MD5
503e26154f75e5008c2d32a68526e120

SHA1
7ce063006b0fba482f19cf28f35139a6f7de1205

SHA256
18dd98715048aa1c75d3cd24ef07b59d8be48d7c4242d854e9353f0c926b7d5f

SHA512
7458a58745af7db7cfc7885f56124fc0dbf93e155d529ddf512ab8c21ed3685ebb96b97beff323cf40a01d16a7d6d0a44a0aeb839d63842fb1052b479e334fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5D2PTPIWI7HRK5K0DMEI.temp

Filesize
3KB

MD5
b7634db4bba03b4b9527ddd48967ba99

SHA1
09ec89550b27f056243bcfc7570183d81ead19cf

SHA256
ce5918947537d269dc33340dc8a899ba23e597a67271f303f738c02855163e66

SHA512
15d79c3e47cbbaa139844d471bd658a2e1db2b0aaf52b2620280dbd9820ba7d85edc1798646f4bcb9c738b1331980c2d0de0fe0ed3e0376dde47dc516ef6d91a

Download Submit