5a199e504a31d8b1ccad6a0ce25e0480b1568903c332d10ea2d508a1fcf66811

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 01:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
Size

896KB
MD5

8ed23a69e2084e1a94597c441658254e
SHA1

d1870fdc6b3e94c3b4c606d314790748b84d4b5b
SHA256

b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393
SHA512

2b5b8dfdd953df04777aed0805d9464eabb102291b343327b7bae4d1d992dae3f796ad000c7c10de82f0f43ce6f10bc5932c14e57d6b8365071cb8ffc818b60f
SSDEEP

12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTk:MqDEvCTbMWu7rQYlBQcBiT6rprG8ask

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
4388	msedge.exe
4388	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
4388	msedge.exe
4388	msedge.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
4388	msedge.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4388	1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe	85
PID 1564 wrote to memory of 4388	1564	b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe	85
PID 4388 wrote to memory of 1004	4388	msedge.exe	86
PID 4388 wrote to memory of 1004	4388	msedge.exe	86
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 1792	4388	msedge.exe	88
PID 4388 wrote to memory of 860	4388	msedge.exe	89
PID 4388 wrote to memory of 860	4388	msedge.exe	89
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90
PID 4388 wrote to memory of 4784	4388	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe
"C:\Users\Admin\AppData\Local\Temp\b37d3956036d1708f0338dfb76e1e65141401cb82c245da89b66b17927712393.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffaa06a46f8,0x7ffaa06a4708,0x7ffaa06a4718
    3⤵
    PID:1004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:3488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
    3⤵
    PID:668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    3⤵
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
    3⤵
    PID:5576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:5716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    3⤵
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
    3⤵
    PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
    3⤵
    PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
    3⤵
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8088 /prefetch:8
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8088 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13871625515681764112,15462854764401874016,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\052c8988-81d1-4ca7-bc03-d330c35816de.tmp

Filesize
9KB

MD5
8fa715784127e8fe98a7a89b7d3e5cea

SHA1
f2c4a0238f7615a0847d94c817e0b7210d33734f

SHA256
b91c48738eeeff7b9e1004178cdc5581a783b8be8a5c04899134c641dd9bf650

SHA512
5e86248c0f4e76e707eb3013ae70d7093d847a6fe1b5893a41a14828d8bdc17fd75e52c84d46b563479c8094274059cdf896ba55105996638417cf3984cf90e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
6ae7dd62b089c17646bfabd944647016

SHA1
fe3ee94cebb818d5df82fd5db1f92ff1d2b7b933

SHA256
e41333ab4b44fab716391e1ff330e4acf39698e2c23b7ae67dda7f2f352fae05

SHA512
bf91e4bf3624032914b65c7f335b7d6acd2978a29183ec06e90d27ea0d6ce3dae73dcbc71eed02cd8351d33b24a7aa7d7ac6a16277b66b849825c7c2649a9603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
4bd75e58c1603f7dbe4afd85218e7e31

SHA1
27d416e7fed498d30c3c80301708abee06575193

SHA256
aeafd437f3ef930b1e1c6b55e6ff91662895df3d810119efc04c79c7a12cc63f

SHA512
aecf9910ea70b01150b1b9dab66d5f1db997a513435a6998bc3e042cb94a6123a16d7ee54632f18e044f0e9e2bf0b18ea56c5b98242fbf95c9aa1bd4a7b3299b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
237db31a6d8500b91432d90d9d41c718

SHA1
947344a56b935723cc615090a9c24a5d6ef97a84

SHA256
2c9a5ec07e4353d99142a5c6ceb5a1a2523602313df3e1a64609d55968210ab9

SHA512
be1049e1dd053bd9c5a8a6a63c8bfe4d3c37072f1a343880fb093f81da3d7fa679b6456a36665e6c0413b51aa2d1f28b6bff1c67c410fb33d7d45d6d28625b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\6f6087f6-781f-4fd7-b8d9-4a9c4afdc503.tmp

Filesize
4KB

MD5
5d4832169066c0caf4db412e794a6e76

SHA1
f7609c40f797f26fa90b672d73579c1f1d4e2dfc

SHA256
dcd7ea7465f643ec812ba6446d1b81840a8aad488228295ad8540e8fd240e412

SHA512
87e5c00998f80717f1cbb255c4bdf993e9aa06a0ff8bc24e3a8a6d0883ce570bf7d57caa759a75b2c915270f711565abb27f1e16b3ec4dc4ff81e1d1684eac40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
82f556f4de4272aaae327f18a5e24681

SHA1
f3ff1f5622228f1a7da0badb4a5c6ec6772a82f8

SHA256
293d5287894733dcd973e7d0631e260f51e88bcac266d6f7a22438786c3625cd

SHA512
0fab0674cd1f2b345113eac9912a06859c43db5c89abc95b2df67b3595bdc08ac437c2339e6be2da0ff2c08b442d18c83680b8d32816ff86cc2608eb7a5d4e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
a2ce9be8cfc0f24fc350d7dd6aed375e

SHA1
d672ab4f6b3df99df68b900799640a6f79125746

SHA256
0ac5326db45a8a3198c695299acd89b622dc0dc71407f535942d1605b3fa9ac6

SHA512
b79abc69eaf8b29ed316f8c7f0a2e0f2a54dcc200304ce28d0acb163e664fdf903591f5aa25a8d69f1415f42efbdcf4e5bf0b6bbc0a5e0d862a7b10c9aa793ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
d305b384efa6db82daf9f4569b19b0fe

SHA1
ddca868f4febafa72e82ccda18678e70369cdeb2

SHA256
7044becd9f106fe53c0e7a4d0b2b6ce0fb1f2f04391c101a0b4cdb27c1c3b812

SHA512
2c5ddc5cb249a2eb1bcfc015d2586ac3bf05a4234a4793e416cd4aec819f320fb7664e6a51ce68c0a807d0ca1592cc240f693b7443b00a244fe9f3d1129b589e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
fe9a276b30ba919d228a2ae6f20990f1

SHA1
97a6f401c1e22f04ea5dee21e6c8b1bee929118d

SHA256
5eef80f7b68a47a451625e23035c6d921be20e1cec2ed20dc56b802e55a206c9

SHA512
05707c0fb527b8aea5abf96707fc6e6e8a33048f8a2b4f24d0eb746c14ce695f0da3cc36870192b2921deff47f25383cde6feb4fba766d17e1d33b332e197af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe58077d.TMP

Filesize
24KB

MD5
d31c8b216b6d2489e3ef4759a2d24923

SHA1
13a1b897b559de17d96f23a6880ece9d488e505e

SHA256
93dea60343be79d421dc2d34ee93b642fec1e6b679f3d07b45805405b7acb62f

SHA512
8776ec0d24d482aa5b69f875426145fa73b9e24c9aa19833367f7a61b8d6302edb5e568e4c6add4d3e6637b12f9aca4ca01742123dcd4123efd29eb2f753a8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V7KPYRO4IKGHREM5VY6S.temp

Filesize
3KB

MD5
7f9944612cfb4047c5a3f73c53eb1cf9

SHA1
6e67560e5b690d411115b23b5a18965a5b9c2217

SHA256
682a170cca44d25548d49849312f54ad38a0009256e0ceefd1dbb18deda97b41

SHA512
a2e3e585a98ecbf5b7e7688d7345e199793ab64bf57462019222b64264449f967ea9f02ffa910130090ac5c849d512658065417613777bcb02df88905a6683cc

Download Submit