hxxp://google[.]com

Analysis

max time kernel
141s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 14:57

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 1104 created 1320	1104	taskmgr.exe	82
PID 1104 created 1320	1104	taskmgr.exe	82

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5596	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\TypedURLs	taskmgr.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{EF7BB1B9-C4CA-4BA1-BD5C-5815D5B70978}	msedge.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
1320	msedge.exe
1320	msedge.exe
3392	identity_helper.exe
3392	identity_helper.exe
4532	msedge.exe
4532	msedge.exe
1104	taskmgr.exe
1104	taskmgr.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1652	AUDIODG.EXE
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: SeDebugPrivilege	1104	taskmgr.exe
Token: SeSystemProfilePrivilege	1104	taskmgr.exe
Token: SeCreateGlobalPrivilege	1104	taskmgr.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe
Token: SeIncBasePriorityPrivilege	3468	msedge.exe
Token: 33	3468	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe
1104	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1104	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2644	1320	msedge.exe	83
PID 1320 wrote to memory of 2644	1320	msedge.exe	83
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 4068	1320	msedge.exe	84
PID 1320 wrote to memory of 3544	1320	msedge.exe	85
PID 1320 wrote to memory of 3544	1320	msedge.exe	85
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86
PID 1320 wrote to memory of 1936	1320	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83db846f8,0x7ff83db84708,0x7ff83db84718
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2888 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9430765801969739441,6910057191725443719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1652

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1104
- C:\Windows\system32\taskkill.exe
  "C:\Windows\system32\taskkill.exe" /f /im svchost.exe
  2⤵
  - Kills process with taskkill
  PID:5596

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\eba18bcd914246eba66482be35808fbe /t 4000 /p 1320
1⤵
PID:5292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
26KB

MD5
1de4708beee6992745a7c14b7d8580da

SHA1
03bb2b7dd07f1701da7cf19b68dd23a2b298827b

SHA256
ba0ecf05941451756a9acfc7a913e64dd56ddee8f3811c8a9f1cdd0a219ad64b

SHA512
5d21cd342f3f70a7dc4bdd3b100e6677e74a7fec22af3ffc9d048618d1daeb5dc5e3f1511ffaa2fddf2f3e49b31351d7d4613f7f03e21d2b609483ad6aab9c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
105KB

MD5
70d0465662bce6e5fb92ba14c3210212

SHA1
0484e74d1da4aa8266a3623fce50180a283be6b5

SHA256
71225d03df0d009e0d3221ac9dad5e5815c96f3feb4236ec23505d2c263aea03

SHA512
0b53e6a9bc4a7ff3f5ff28d41d945f4f0b5bec7e31400cd31321e27e1a8250b559637d8b2356a7f030cc4edd3bf4b0cfea78c3aa9899fa8eac622837737e105b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
686KB

MD5
48e4dff99cffb82007dfd8f992f5e348

SHA1
90dc67fb63253525690c114fe92507a5643e5991

SHA256
c5f674f04d7c32f06e788322bad300754165011eb8e6b1664f284d7902360c00

SHA512
e46b3d6dc36f8b9d43ce9cf9afeafd40be21934426610d917ade7df7cc0230859a2bd967bfc17e73f93fb58910808ae26d290c68d12f08d5f31444be8b6a2e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3e1444bfeed8869ad10b6608d1ddad4b

SHA1
9dad095b6fdec9f19f73ed9a453c10e81bfb5c9d

SHA256
73dc217d84309c4a910453767a22574453909c40535ab82d5d28c6b952600731

SHA512
5f6034f976af7e1f66b05c9071bb3f63abdbac3556b3fefe7d549c01761412f1ce59dd81f4988330408b84fe3e265cb2e187684561113b48963567e9f2ea0562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7080f223d3b86bd49f9bc9ee71cb67d7

SHA1
faaff93a7bc7bcd1928b134f989781c67f5a47ce

SHA256
6d463ac4d7fdc4a3b3b50919a5da4e1268c6a3bebdba43ffeaba212ef02fc9ad

SHA512
267cae8d870c544523677db3fa069bad8104e9248e0b8e3dd973ba998aa821920550faa27737665b161b8be2f987ce24f739338c307e62fde111299ba90b2629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9dd0d1b40bb40f33edd352cc421806c8

SHA1
a3b2603bdd39af424c705b084d0d211a585d92db

SHA256
df409719096c154834b086641b8820f508ac3e573bd79ae081ab07bca8779e07

SHA512
bfb1bcb2d570bbb9c9ff6559712ff4d2ed1ac86b2b508518192b807bd625f578d86cef13726b105cbfe89925cfae4a6bca4493122d2c3524f58fac0a305b4bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fee9e151cc9dc6928f93079162acf72f

SHA1
c95a08e5e0d7b9119df179637a0ef369be33fb44

SHA256
7b1c5d17fceac79f6e4ae4d7ebafb5e25bd25810d3cd493fe44042917dd1acbf

SHA512
06e8ee06f64287bf52f270e74ce43848d6dbfcbad9438d80079aa582a078e5fa77773da6408ba5fc016ce157cfce24aeeebe283816ce18c11588e09c7a1947e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e28d0a6b78fd9cc82eaa444fc4bb32b8

SHA1
e9629acf6c4314e450ab2a9642285e3a17fc7179

SHA256
c1d6a24ea0577771e9e17c8258081a4278a4095e04e5cee5ccd9d84622b78234

SHA512
68d55ae55c8b5f6cd26f6469d9a5d0c9474ee0d8db191284e83331fd28e303a7606b8f535256be762edf0623ae46faf51b736ffb2ba5c752e039f6d209389b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
319e3c19d345eedea0e698b7f179bf1d

SHA1
18549bb366bda547ad0a1ac79ed999ed82454ea6

SHA256
13d91c979d2950a74be1f73c558be8ff564a08fceab78b9d5c3f6a8774445843

SHA512
0cf8eb2bcd9e7e3a0e1db712d4eab05f35360fad002612e2047bfab5a8f98b59b4042aa8e68a18810d84a5706c3ebf4f070baf285931f3949115538bd36d825a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
368a8f4e39b68ef24437bf2ef159930e

SHA1
f9e5fb972f9cd140b4e9b1cd5a314c21427b9d0a

SHA256
2f596a25ea72ef6c3a6550a9858c3da7afb853b6f424621bceb35df36980c246

SHA512
0a7f0fad6b48b80747ae37364599bb4f459c47cbdd812c812f8dd8a523b8fc0a8c54c1ef02af078f88fc36de3aec77db3b6a55efae4deda263810278cbe47dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48181558732a77494567518f1c306da9

SHA1
feb93d912c677fb02480ca3e237c9e08f740775e

SHA256
b5bef25708138949bd038a76be8f5ade6bdabd1fc54f76fa5e0969b80e4d3fed

SHA512
39146cd65fff9e2642d5357a00c8b39d08e72bc345279db39ab290336666e18858ebfa39a8fa098301b575ce8f5d992c0f99757d135d27f82edbf2460698ee6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42612b4782d93c5f37b5e427d65a9370

SHA1
e74f4e85c43070b78615c8587f0d68cb78cbce82

SHA256
5c901a538a952b2431401e5903deb51a4754ac6d5f94dab5c19068c634510119

SHA512
b4cd1f3cd2f24c8a36739564e5aa607b11ed1ae54abcb4cccfbf864e2283ec3e65d5092f4677178e7ee63706e96900269c7bdc836b624b832f97e76dd9f91726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c79d041d930d2d07cf98e68fbe27a7c1

SHA1
c43cd5543de6a1c79eed379e527a91362a177fdf

SHA256
37d651d39d116ab27f5ef219dbd5e8f687347d3cce78d46ec8fbe6cb51ac94d9

SHA512
012c2ce1f97fe83b41300a71d50d30b92703e53ce529c5450d8722519c98473cd678c3a6dd8407f3dcff9cf57a0df4367186d38f3a202c9186d9aed78e602d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffe950b1278bb997f1beb0760417383a

SHA1
5ab72a19af89632bd740cad54c56f8e0d199c0a7

SHA256
964f449ddbb9a233eb091ec707dc437971a63da67c1a8b38e79ae83cfc1fc9bd

SHA512
ac81b9648e7767e529f63c66e79d8589c4833e29c9716b69d5e465ca9cc31d9d1136f8040325526ac825f7c280fdb6502dff89e551d76be164c4bd99be26631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
27124eec01c4e79525927060ffde97ab

SHA1
3339504fd6f40c16f60bfb5818a1a5b8a495d7c4

SHA256
d569cd29421698793506c38db7bd15c65f77457c11b0c5c633c1725367ccebfd

SHA512
36b86c1ba389295563a91619bd2ef23701be84d4c5d785ef02f6b7b8ea0f9d04a0b837ed9dc0ee1c084e83d8be09e0c8109429a8cba14a5182dc87ce0cdeadb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8a39283f3b23cc4bb0adb89b9986112d

SHA1
cc7f50766721f21a1a0df057b663e481229a21d6

SHA256
f656f9f7e527dce7ef9cd8928366c6e9a88ebec9507e779e0ccf9cc6ac3de0d4

SHA512
79db41f6ceaf29f95c03ff8e5b1445c6c8addbf0f637915d015d48c37749b0b14c28afe2c06e87d485509affb217c29f4bf6769f9a21d47d442900d08e113e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590fc5.TMP

Filesize
538B

MD5
f1e01272360d2d3ab4f05c24c324bf4a

SHA1
9da851848d5def499d7dedab3edc995372dcb801

SHA256
cf3aafadde6faea37d6e6691b2c34b8c64477a0390d3e60efc5bbb3621130c4e

SHA512
344b18195b01ad3425b213f38e851ad4a1465b00d96b1a82f6435b45175ffd957dcb187df08a0dcf682bb5560948369281458da4ed07601cb5b3c1d7025be9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3f975cf5402cfc058d0ae6dec8d1bc0d

SHA1
96fd1bff7b2ce09aeef59f1ee2872f8787fe73ab

SHA256
7bf8fb7d0f55641632888ea9443a6ebc470e79c1027e054a95b11664101693b4

SHA512
78c976cc9ef7b24e22fcb984020c0db571cd8a966f3b47b390739d4292e1fe479eff04d6777cdc9819020b7795d80ce2c9fe5d44260e6fcb77e07297b5811b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9c8829959e568eb2dade817418726f3c

SHA1
4c563cceaa2b1715a8b8d5005a10ef5d2e0d7cfa

SHA256
4d123851998273543f385e8d4d4347db44043bf388ce1f94a2f3c8a0de18f9df

SHA512
90a35110532335304795450c63959de6f1e3e1fae64340a09f93a67399acf333abf3743aa61fea85108a0adc5882893a7bc7b0db51f085c0e334b7e2db016dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
cdf08012dddd679148114a62077aa5a7

SHA1
920f44ee4b8208e3c2f8c2ea4e21515573c55799

SHA256
b080dc9cefad3410fe26a4c25f2f0828c9e617221b04895f947595ed690cc507

SHA512
e64e42afd50069b288bc90eab3b974ae4aaa06d898855ac4367a0a0a2670a767cf94636f0e616fcafb160c958d38ff63060fa92c80e1cccd2bf64844fd1a931e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ef0e9836a1c2d7c3a8075df35b233843

SHA1
bd6666dea0b2bd96516cb93b43416a4eaa4ad9e4

SHA256
5ed7a9c297f7e14eec2eece7f3f573bc359cc98f10f94f3d0888838f80d98e7d

SHA512
0764d92e4a9d48e5d95715e27caeca38877abbd08cb688382d23a592c35482a2a7f6222a8759045e5bc053e5a6efe395960f0022596b9936716c7cb028481377

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
f57210693ec33f2dbcfd806a1b16bde5

SHA1
30b51ab66f4ab4b92cfc09fda160fcd5b864d204

SHA256
49b6312c4d5cc41f513a38846778e99aae4dfc21e69c038580b6ad2d51b01567

SHA512
10a6e611b2c22d31c0cf42fe30702c55ed54852d1bf7e8d630a2eeb36331dec78bcd243b5b4b2655ea9d892ac5ce6b7088c04d6416747227ae9aeed880409500

Download Submit
memory/1104-917-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-916-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-915-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-914-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-913-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-912-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-918-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-906-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-907-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download
memory/1104-908-0x0000029FCFB30000-0x0000029FCFB31000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads