Overview

overview

5

Static

static

5

file.exe

windows7-x64

3

file.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-09-2024 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    896KB

  • MD5

    f6268e372b93ab1276770635916c17a3

  • SHA1

    248a55c1fb5176286ea10e02b37690903a72794e

  • SHA256

    479328908ad77d728b074608714d0047fdbac265c2a2297ccb6930c573a32dbd

  • SHA512

    f1407885c35ceceb8c4c8e273dd61b3e8639e9662e543cfa4d70a751e1216dbda1c9717bd7876b31247fa668a16ff273b45ebf2c8ce6782a9cc30ab0d0234218

  • SSDEEP

    12288:hqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTI:hqDEvCTbMWu7rQYlBQcBiT6rprG8asI

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9984b46f8,0x7ff9984b4708,0x7ff9984b4718
        3⤵
          PID:2556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
          3⤵
            PID:3708
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1232
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
            3⤵
              PID:3816
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              3⤵
                PID:3080
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                3⤵
                  PID:1960
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
                  3⤵
                    PID:4704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
                    3⤵
                      PID:372
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                      3⤵
                        PID:1496
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
                        3⤵
                          PID:4396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
                          3⤵
                            PID:1044
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                            3⤵
                              PID:4484
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                              3⤵
                                PID:1772
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                                3⤵
                                  PID:1132
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                                  3⤵
                                    PID:2680
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                                    3⤵
                                      PID:3712
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                                      3⤵
                                        PID:3148
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
                                        3⤵
                                          PID:3464
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                                          3⤵
                                            PID:5088
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                                            3⤵
                                              PID:728
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                                              3⤵
                                                PID:2876
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
                                                3⤵
                                                  PID:2312
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
                                                  3⤵
                                                    PID:2456
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                                    3⤵
                                                      PID:3488
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
                                                      3⤵
                                                        PID:3664
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
                                                        3⤵
                                                          PID:1868
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
                                                          3⤵
                                                            PID:1584
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
                                                            3⤵
                                                              PID:3104
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
                                                              3⤵
                                                                PID:4844
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
                                                                3⤵
                                                                  PID:724
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
                                                                  3⤵
                                                                    PID:5176
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
                                                                    3⤵
                                                                      PID:5712
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
                                                                      3⤵
                                                                        PID:5840
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
                                                                        3⤵
                                                                          PID:5976
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
                                                                          3⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:5448
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6959520660876498987,6115868506555103917,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
                                                                          3⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:4324
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:1308
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:4796

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v15

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          5ff5bc2d5144ca6fb6c9c9942723a426

                                                                          SHA1

                                                                          7daa4e53eba69392a72026b3db7ce5893d8556c0

                                                                          SHA256

                                                                          161e4e232370006239ef75b5e9a83857d6e767b9f3d6bc76b90d2249721861ea

                                                                          SHA512

                                                                          f2bb861cad51fd8aacde2c4951f6af128e1fe50dbd59aa0682fa0bdb024d582d6ba0be13b3bf9cd62273f2e60ac6fce34ddee6b98645c12bedaba785d65d3490

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          699fd2ceeb287a4b6b9afa3922e89739

                                                                          SHA1

                                                                          41482a466fffb478e8fd636b2fea097b431dbf5f

                                                                          SHA256

                                                                          d13cb175cc2f87c9931506420fe8842464956f7a043afe77f3ce06b4c904a6f1

                                                                          SHA512

                                                                          643a19641fe96773c8d41ff7bfb1c03ca6d724cadac25d9a1ed1823b10a5f428f240ff5b24befdaecf26b3932a138739dd1921c5f940c2b1ad3886d1636fe541

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                          Filesize

                                                                          152B

                                                                          MD5

                                                                          07b459d299b8c105b9942616a4a67594

                                                                          SHA1

                                                                          8a91022e3c1f5a657628d81b2ed672e8c8c670fd

                                                                          SHA256

                                                                          b5b2022504ac59de0864ba314314eb547bed12c5fd3c20a26187337d3efe5e1f

                                                                          SHA512

                                                                          b2fe37009fdf2d13a35be7f02665666269864ac5123233d54884f929435cf643c37355b0234e11f04f4eaf82c1b63b866c397ce15f6ee67e9f29eedf99c81e6f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
                                                                          Filesize

                                                                          20B

                                                                          MD5

                                                                          9e4e94633b73f4a7680240a0ffd6cd2c

                                                                          SHA1

                                                                          e68e02453ce22736169a56fdb59043d33668368f

                                                                          SHA256

                                                                          41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                          SHA512

                                                                          193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\5cfffe1c-b30d-447d-abe6-f1e027b03e6c.tmp
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          fd78fca480eb18d7e08ca739c881658c

                                                                          SHA1

                                                                          8dfb1c161941c9e219ba5a28f6cffe718b0d3bdb

                                                                          SHA256

                                                                          3920830531bbac7bc32d6527f973360370d4fc53a56b61d84ea2a13fdf1668f0

                                                                          SHA512

                                                                          5b5316454df3db1323195bd8296c1feb86d8f59861e19fef18cd1ba77ff6cf11d64ffe3005278329dcbf3a7d40fc5c9a6c9523f88dc579950d3f22fe5e92828f

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\9aed0356-6017-403f-9abb-2e1c8b0b81a9.tmp
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          5008aea004f8d13cb2159673248e231e

                                                                          SHA1

                                                                          f0660128b5d2328dcff6a77a4812fe7a35cb354c

                                                                          SHA256

                                                                          64f3e82eeb30346bec043a5ce653f65e9af6cbb1ba945ab1a28c06a4609530ce

                                                                          SHA512

                                                                          703d68e1941e56b21176a621a1c600616bc319fb5511f40adcc61b9e6d7e39271d5cb4840973fa64cc7c1b3039324b9c6364aecc6f91b26110637c4d2ee0464b

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
                                                                          Filesize

                                                                          41B

                                                                          MD5

                                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                                          SHA1

                                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                          SHA256

                                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                          SHA512

                                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          e38a2f586661c0f589e28a311096220b

                                                                          SHA1

                                                                          83106d1960c7fab045de3a635e42ab884e36f433

                                                                          SHA256

                                                                          1b7407716712d271f343230d256bf8d1503fc6a166987bb75d9ccb2f7db6faf8

                                                                          SHA512

                                                                          4213b0c54d5c4bf6f572b350e71d5a890aeb89df48d841d5be4afba4b9f2a2937ee111e55c730e93c11fdca95e0f540fa205a300c08e028dbaeb498739ccee7a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          ca1530deb12007250799f1624ed8d559

                                                                          SHA1

                                                                          be0eb7737e03feb59604eba946a8367a8ba172af

                                                                          SHA256

                                                                          0dd4e02660198fd4567004d31f527ef364428056e00778bab300b7c618efb83c

                                                                          SHA512

                                                                          cf6519345a028f787ce6b277b68b59d0896e0e6e7f25ca09b3f605b2864459575c8dd5edf185c00406e8b6d646ab73391515d824c2d35ca9bb46418dbac9a59a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
                                                                          Filesize

                                                                          24KB

                                                                          MD5

                                                                          b5268a52f38d6b79413e8f9851b7e03c

                                                                          SHA1

                                                                          535dc04b9a1d43614a4cdd6f707ad293a7863059

                                                                          SHA256

                                                                          f175dce9b7606f00e32728d30090e1c20a9f92d91215dcb26100a8e3dfa183aa

                                                                          SHA512

                                                                          81dd360e0a75aa90ea2ef2ffd26fcbb60916a28b4bfd929be57014d6c9468eb64a1c53a1075c8ace93382238245c9fe20ce5c58ebd6a87abb53f4badc19c03a4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57b16e.TMP
                                                                          Filesize

                                                                          24KB

                                                                          MD5

                                                                          048dc4d7f54f373bb8d9373b081cfe1a

                                                                          SHA1

                                                                          03caf0ea6fed954b1d7c4bbdb69de4dc6c07c9f5

                                                                          SHA256

                                                                          669083b4406eebba7509be56fe328ac289ffcb624124daf9d58cbe9783f29e23

                                                                          SHA512

                                                                          15e29fb85d4a8dbba4167c2f398d7f4e78def6bbe32fbf4d57da84736e296b77a7923aedad9e3d89df41a2f981ed68f7c8994fbf7ffeb46585d2e49ae2fc6f4a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          cf89d16bb9107c631daabf0c0ee58efb

                                                                          SHA1

                                                                          3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                          SHA256

                                                                          d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                          SHA512

                                                                          8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
                                                                          Filesize

                                                                          264KB

                                                                          MD5

                                                                          f50f89a0a91564d0b8a211f8921aa7de

                                                                          SHA1

                                                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                          SHA256

                                                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                          SHA512

                                                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          0962291d6d367570bee5454721c17e11

                                                                          SHA1

                                                                          59d10a893ef321a706a9255176761366115bedcb

                                                                          SHA256

                                                                          ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                          SHA512

                                                                          f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          41876349cb12d6db992f1309f22df3f0

                                                                          SHA1

                                                                          5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                          SHA256

                                                                          e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                          SHA512

                                                                          e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT
                                                                          Filesize

                                                                          16B

                                                                          MD5

                                                                          46295cac801e5d4857d09837238a6394

                                                                          SHA1

                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                          SHA256

                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                          SHA512

                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
                                                                          Filesize

                                                                          16B

                                                                          MD5

                                                                          206702161f94c5cd39fadd03f4014d98

                                                                          SHA1

                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                          SHA256

                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                          SHA512

                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\a395b7b8-43a6-40be-afdb-db0fd261817f.tmp
                                                                          Filesize

                                                                          9KB

                                                                          MD5

                                                                          e2c9382cbd7ff504b41bf46cb14a446c

                                                                          SHA1

                                                                          aa96f65f23442654f58eababa3089a7d615fe0a7

                                                                          SHA256

                                                                          9427c12c123462859e756b9e8c648074d3fcf1b6c29fd78a9f647cac38202b68

                                                                          SHA512

                                                                          ef34d29e29e5489b6cd9bef9fc55864f3879afc8836d60d972cf3036a2494f77f49bf25c99f46e7702d45db200e7f39d5b905c84dbd2dc3873651ea4ae2cd61a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VUT97WRZ6PRAFY1DOG2G.temp
                                                                          Filesize

                                                                          3KB

                                                                          MD5

                                                                          d15e0c4fb1468e9a405ed1dec7f1090e

                                                                          SHA1

                                                                          e40497d10fc0a450c7bca639399336440e69a727

                                                                          SHA256

                                                                          fe9ec2a44008c4130bf6b89549f07808679abceaffdbc4f1dda9f2c5d8ac2d08

                                                                          SHA512

                                                                          163b748e76ebb534f04bf861d1ed546264877afef4a297b2039626b195c2ff5350f1cd17c755fdf973316788d4ee4b2b3aa483100b5e8cb806c8179767d105a0

                                                                          Download Submit