Analysis
max time kernel: 149s
max time network: 154s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 06-09-2024 15:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://roblox.ht/groups/151199088652/ManageFounds
Resource: win11-20240802-en
General
Target: http://roblox.ht/groups/151199088652/ManageFounds
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class (8 IoCs)
Processes: msedge.exe, msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{D0DE2102-CF98-43A1-AEE1-4B228F93B646} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Suspicious behavior: EnumeratesProcesses (15 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe, msedge.exe, msedge.exe
pid | process
4132 | msedge.exe (x2)
4424 | msedge.exe (x2)
2108 | identity_helper.exe (x2)
3144 | msedge.exe (x2)
2332 | msedge.exe (x1)
2720 | msedge.exe (x2)
1624 | msedge.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
Processes: msedge.exe
pid | process
4424 | msedge.exe (x22)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
pid | process
4424 | msedge.exe (x25)
Suspicious use of SendNotifyMessage (12 IoCs)
Processes: msedge.exe
pid | process
4424 | msedge.exe (x12)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
description | pid | process | target process
PID 4424 wrote to memory of 2112 | 4424 | msedge.exe | msedge.exe
PID 4424 wrote to memory of 652 | 4424 | msedge.exe | msedge.exe
PID 4424 wrote to memory of 4132 | 4424 | msedge.exe | msedge.exe
PID 4424 wrote to memory of 4428 | 4424 | msedge.exe | msedge.exe
(distinct rows shown; 64 entries in total, in the order 2112, 652, 4132, 4428)
Processes

PID 4424  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.ht/groups/151199088652/ManageFounds
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 2112  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d6893cb8,0x7ff9d6893cc8,0x7ff9d6893cd8

  PID 652  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

  PID 4132  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 4428  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8

  PID 3684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

  PID 3580  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

  PID 1388  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4556 /prefetch:8

  PID 2996  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

  PID 4584  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

  PID 1540  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

  PID 2264  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

  PID 2108  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 3144  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2500  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

  PID 3320  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

  PID 3476  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

  PID 3796  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

  PID 1376  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1

  PID 1576  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  PID 2980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

  PID 2332  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5832 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2500  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5704 /prefetch:8

  PID 2720  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5204 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  PID 3520  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

  PID 2280  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

  PID 1332  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1

  PID 4608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

  PID 2824  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

  PID 2616  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1

  PID 2444  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

  PID 1332  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  PID 4128  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

  PID 1624  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7108172958205580780,2503210584757318987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7076 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 4852  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1500  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4128  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize: 328B
MD5: c727dff7c2a94cc7fa359320eb2e5c82
SHA1: b9b9adfc6f945478a027940e8c725ebd6173f98b
SHA256: 4931b511ee326fc692cbc031b5369006c9d758578084824b08e3a2ff690068fd
SHA512: e119ff9b564c31c9c70368f1b7db87d19ef88509a61c46a6f11e398c189e39759b0f2789348fe9120962f9404430a2e6a88f90fcb32b60db5e91a9de4932defe

Filesize: 152B
MD5: 9af507866fb23dace6259791c377531f
SHA1: 5a5914fc48341ac112bfcd71b946fc0b2619f933
SHA256: 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512: c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Filesize: 152B
MD5: b0177afa818e013394b36a04cb111278
SHA1: dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256: ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512: d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: d6f03ef0fd36f1ed1a82159bf7d91ae3
SHA1: 849273fb0e54c51a2749ee0cbe32739f56d14e2d
SHA256: c10aa34826d43ea756c09951961d57e0d0b7740fb36502c9120b1027fa68f562
SHA512: 23680efc664e5bd13ae14f972952409af0e233e5f71fe3679f61fa91b946c4d9d2a0a32f97fa99874bbbe59c922e1f7e42636948f58d7ce9981310b695900a61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 6KB
MD5: 27413537e361f3c6acea8dd35b3059c8
SHA1: f0b74fcf49c737edf5bd679a791be0f113e5e4bb
SHA256: 900a32bd0b757acbf07603773f55e0a92c294e62769dd47fa9e40db367e33957
SHA512: 4cc6142bb313cdc301f283c750e110a709bee6ba9a7832d85546dda3301b1533f0140bcd764a1a7eb0f03680143a2e787ecec9bee8dd7a632ea2a819096b2134

Filesize: 1KB
MD5: a667d0727a2edd6884495de222f5ef1a
SHA1: f576fdda0c0f15a9fc911652b521189cf751ce4d
SHA256: 6c1a6dbc8662b011051be5326eda1706f216b336378b9b2cf90643cda094f7d9
SHA512: c5c58749d0ada6f0c74c517e4c4310d0f399abf98e6317aeb9cb8ed37b6301ab3d682062ad6362b1f1a828d6f744a28153e814abef4967f23ddf4f423e8d7dc1

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 1KB
MD5: 08948c4a46d98ee2b52d7864c11fc8dd
SHA1: b6f6b265c50cd11131f4dd660faef6c76b68db41
SHA256: 65fb7a2ca52f582b04759bf7411d1ae7d914939c91beabf05f7f74b5ed56f243
SHA512: 154f5d2714a292135e784fdf93e2a5df423071c3a01e00aef4e86da2cd963537e52c095bf033547c78e42795447736b33ddc248181fc0da76feb079d750f24a5

Filesize: 5KB
MD5: d1c3ae3c891f61892718f864e6bc8d47
SHA1: 97c2cdf4510e5ca8c92e8baafe705d8931f6c992
SHA256: a7ea19dbd649a4d6b4e40a5db15324c8aba98b96c08b52ff268b253178466c1d
SHA512: 328d74c3a6093e24a3e390e8100dc2349502c6c1f1c861e7bcbdd446cb67ab0d69dea149e24483088bc13aa743740bf9e16f071ccc2a0aaf63b0d147c129df6d

Filesize: 8KB
MD5: 71fa9d4dba5f7c76772698d234df054c
SHA1: 879c0f3f1519cb0863b373f5c761cbd0d3244dcb
SHA256: 12315714347872a407e428d3605d2ca816f085fe3e4ea159475e0eeda7285a2d
SHA512: 3a331044f23267d08c9a57760c9fd1fda12e4d9ebcb5b2d25573608d1b76d9f2ae9dca11d08d1356cb6a1ff4e2717ed3dea43effe65d2ea1fa8adb6477197467

Filesize: 9KB
MD5: 2b6db9a63d54dca80598d807b4410ffe
SHA1: 1f2b37c051da8f28513da668f36f06aefb84c4b7
SHA256: d825bb24ed18ff5830c72302e1bd9d36beb1e93b0100a05dc1830ae9fe710d38
SHA512: 058b35cecc7b6130a64d90ea6141f4f36134ddecdeb0dcb2890d3f11cc7a5cb0641e8c8c3d2905b9c8627b54b417948ca0a78a2b255f75c4a5e58483e1351b83

Filesize: 8KB
MD5: 1815bec992d5e3697e63d21f2bd913a1
SHA1: 488c25dbf960bc6dd8a3fc44d8de9c1ee68bdf49
SHA256: 11207c69dd83d4522cbfe02de5f2a8da466de0cf72205aaed57b17fb6fda80e7
SHA512: 7cd39a92780043c93031bb2bdb2d8cb6981bdc525a44bd16fd4ed8ca2aded1754670760d962997caa1d6b580cdc6c2bcc1ad879c96d0598a03eec1348a5faf7d

Filesize: 8KB
MD5: 24ffba2998392542abe9521dcf6d9951
SHA1: 7eb1793f52f494426df8931636e93020aad721b5
SHA256: 3c14860e4b459e0ecebe0d41298547d4d593555e2c7b031d42729e8096672dce
SHA512: ba3073e6f303790fb17bbc28faca8895055a1970007642f70eb6a1595286ef7a22f620944555055deefd1027af7394f7c3c720a7e0b303fe53b62953b4ba7481

Filesize: 9KB
MD5: f83cb66c65452a33463796ab5ca6bcea
SHA1: 40002bd9a4854bf1190eaf20f6f864855c66f6b8
SHA256: e967342261318ebe5565fdcc9d8011abf6aeaf9a3ef6719d0af9ccb2405ac04e
SHA512: d019081209c7dfd6bd4c26978285aa45666ea23f36199ee3f761cf3001b129e1f12c9264d768b609ab3f478bd187c2da3697a587803941d533d18055ec785dd2

Filesize: 2KB
MD5: 1d8e390008a78ed022c1c7c335ef5973
SHA1: 8f351df59f5268393981583c1bd84c8f37ea5272
SHA256: 47e0586cd6395c57646150eb020e5599da4828c31e1a4647310eb305a7e24beb
SHA512: 093b0e804509eaec541a2295799d3fbc0f3a0dfa4acb0629153c4db20c3782ca7850603ee080c1b02b63791aa186e3aa2ef1f5480ec1372e6afe5a42cc6d8ee5

Filesize: 1KB
MD5: 6fa343a8883f5a709a56047809fa7220
SHA1: a8f060f5752b30164c8bd912aaa0736c018c7d8f
SHA256: b66a26f8ee53b400051c9e79de8746ea2ca81250a4861068208cf66e986f824b
SHA512: d14367c2dabbb7e7e94ba1c8e1131d547b108a5413d81b3ba26e6e26432a181640cfeabc493412cd2ab51bdf237c4abdf81b945816b8cef2738c0a7648ef909a

Filesize: 1KB
MD5: 3e56b5ca12e82907fc6ffbca08216428
SHA1: c1605fe9bd17d29b099f3df50efc878a271873ec
SHA256: aa52b3927f15ea83084a026de3ea7bed76cf1d3d7b41a1dcaab8194aeaf4c00d
SHA512: a922246a9c88b3029c71db1898013ca53c457de1193815162ede9c9514492fbf2b73d76e332a53ddefaf67dde2ecea2ee6d57587fc31416fc35d2f924f018116

Filesize: 1KB
MD5: dd629e36c26dd42af4065e39987f2fb0
SHA1: a4f2d57c3072457ba82bd3a77376be59caa0c4d0
SHA256: 881891fc75ff2a502c8cf86d63f71ea48b1be197e75c7071a6cad45cbf9d781c
SHA512: b283f45e2a6d60551f9e9ffc32723c34f115ec5fbf3bcc8993a839d8623f4ce8f1d88022baed1054c21d93c43b37a388d90dcf58bfe3884f0cff404dd21a0c74

Filesize: 2KB
MD5: dcef093bbbcd5e5e64f462e5ed7dd60e
SHA1: 04928ddde1cf1201ac44a764720a27bf8a40315d
SHA256: c4aaf21c69dcc7747633f4bb4ff2eee8992d6b261c683c84a8030f1057b5a3ca
SHA512: d295104fd343e1cf7d733694c2f448b63a7d1e85193f4256a7b5cbff5d59bcd322e5dbf342a8d26f548306afa26558d694ad993b04e2ef20bde3d6230b35690a

Filesize: 2KB
MD5: b04b05011ae1a926002d02b696ebbe9a
SHA1: 9b27d29517df2280c0b676fd675927642de3aca2
SHA256: fbd0c6a8315740f64da4aae3fc07d4d9e3ae27bf529abe8235767754a1b2efe0
SHA512: 0cb94d03ac6f568888aea3015a705e0020448967e1c8342b8698c66515be94f1878a8190d7e2ab232efe367ef5398dd5bf5bc0e5e3842a78a51ee7be9a8449c8

Filesize: 1KB
MD5: b7d63cd9c4124efeaeb57e9bad9c5079
SHA1: 5f9225b719238749c4a47369275a3a0dfa891a52
SHA256: 98516b2d1e11df38d29f85f92043646b20793f0470581c706686258cb8e8c020
SHA512: 003700e1d77fbbcad033dd42ce4cd403cf0b38ae136b2747d419b7a57ce001afc8658173e8c1a5040c99d208c070c7579fdbd7159edbfd2f093bf0fe6bc4c90b

Filesize: 1KB
MD5: 7c33a43c1d990a76187f85e19a27d2f9
SHA1: 3d9daaf6e920d99d17dbbb466ceca2146f2184e0
SHA256: 314561f264efb0f732476647e52b2fb75e133c66db68e86f01fa86820b8a97a5
SHA512: 0437fb5636fdc66c15fa04f55e366ba61a62c9cf3ced51ddcdf4e8d2b6029690ae3e2a1f3d29981a54bb2422967247dda36b96601a60829ba8dc893e5cbdfdd8

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: 8b776a6af7899f299c6f339417896f59
SHA1: 2b5b1a815719ac1d31dc85d8d71351ac2e4bd7f9
SHA256: e02ae7e266db11ac2f3ee1285ef65d9c22734d0ba5c1a2b6c2b928b84b9b99d1
SHA512: 41cb87df73a4c7590d13f923569437b8021a313f82649e366c1e650bb350853e130b5d499bfa4898cde1629cecb0a50915175b78df2091f30d7672bb4e2ca53b

Filesize: 10KB
MD5: dfa7d0464e5b91d06d7f11e6d697f468
SHA1: 3eeb3d30a597824ee1236aa779e57ba96c599464
SHA256: e31142e3a132989682a179255209693a47445965720da0d9c53e405acb2f10ae
SHA512: 28a005b0bf06c3d935df919207f72158ddfdbeb1dee84edb0bb485fbfc93d3f23a93649920ee50276ce7f7a5b6b54eebd44b87de02c99799abf1a9ecd43f8442

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 12KB
MD5: 3b9ade615fc5b0c0622ed425c4a8c2c2
SHA1: cadcdc54603ff4e745e09fa00f62fdc431c93ac7
SHA256: 3c629d3682e20d268c4845a1d83a868578428f6a3eb76092ba5842f085a1093c
SHA512: a3cd7401e7975b333fc37c9652a9a26e1a59c5131373b3bbb13165614f9674ec0c8605ae3e47542cc7ce7aa68e6c74dad00a0e4bf65aa7273455f71b081eece2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 14KB
MD5: b16d5eb6d8e0b7c89a7b414da68342a9
SHA1: 4c8d9977a99df143093f3bbb823067028e6172d8
SHA256: 4724cfbe1f624b6652f386cd3de292f797ee7402d6afe423cb5673697953dfa8
SHA512: 3359b89b576e2407dfccabf9e06b0295d4c8d7872e246d0ef144c639ce9508ee0495bdfc032f0cb72b26c1e43af013d75eb1870acdbdd99ed22e08b3d1b85ab1

MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e