Analysis
- max time kernel: 123s
- max time network: 128s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 11-11-2024 03:51
- Static task: static1
General
- Target: speechmemified_sdsqqdssqdsq.png.gif
- Size: 21KB
- MD5: 4e286914eaf6ddf2cb82c6232f82e838
- SHA1: 4cd1c8ad55b51e791e706c1a854bb70f3495c399
- SHA256: ca726bc3c3d37d4d36cb0d85312c5af35c0927f499c887a771a0e06b5bc15ea4
- SHA512: 3fda79c18ec389a7591c8514c665e3d342fea188ef4513da330f87028a1ed9fe88fe679315738b6b30649c23baee9ea43eeb8f172d95496275936e903e2fcec8
- SSDEEP: 384:Dwm+25yFPYnnCL/is4lKqurCClLHOxW0dtaC74+bwLr8CvLg40kcWz0VznQNyddQ:kMVnCzH4llurCCT0dtaC74+8L4CE5l1+
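The target name carries a double extension (.png.gif). Windows chooses the handler from the last extension, which is why the process tree below starts with iexplore.exe opening the file, while a user with known extensions hidden sees a ".png". Before trusting either the digests above or the name, an analyst recomputes the digests locally and compares every claimed extension against the file's magic bytes. The block below is an added example for this report, not Triage's code; it runs on a constructed 1x1 GIF89a byte string rather than the real sample (which is not on this page), and the helper names and the MAGIC table are the example's own.

```python
from __future__ import annotations

import hashlib
from pathlib import PurePath

# Leading-byte signatures for the formats this check knows about (a small table
# built for this example; extend it for your own triage).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
    "exe": (b"MZ",),
}
# Extensions that map onto one of the formats above.
ALIASES = {"jpeg": "jpg", "dll": "exe", "scr": "exe"}


def digests(data: bytes) -> dict[str, str]:
    """Recompute the four digests a Triage report lists: MD5, SHA1, SHA256, SHA512."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def sniff(data: bytes) -> str | None:
    """Name the container format from its magic bytes, or None if it is not in MAGIC."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    return None


def claimed_extensions(filename: str) -> list[str]:
    """All suffixes of the name, lowercased and alias-normalised: 'x.png.gif' -> ['png', 'gif']."""
    exts = [s.lstrip(".").lower() for s in PurePath(filename).suffixes]
    return [ALIASES.get(e, e) for e in exts]


def identify(data: bytes, filename: str, expected: dict[str, str] | None = None) -> dict:
    """Digests, sniffed format and extension checks in one record.

    `expected` maps digest name -> hex string copied from a report; names whose
    locally computed value differs are returned under 'digest_mismatches'.
    """
    d = digests(data)
    fmt = sniff(data)
    exts = claimed_extensions(filename)
    return {
        "size": len(data),
        "digests": d,
        "detected": fmt,
        "extensions": exts,
        # Windows picks the handler from the LAST extension; with "hide extensions
        # for known file types" a user sees the one before it.
        "outer_matches": bool(exts) and exts[-1] == fmt,
        "double_extension": len(exts) > 1,
        "inner_mismatch": len(exts) > 1 and exts[0] != fmt,
        "digest_mismatches": sorted(
            name for name, value in (expected or {}).items()
            if name in d and d[name] != value.lower()
        ),
    }


# Constructed 1x1 GIF89a, NOT the sandboxed sample, so the example runs offline.
SAMPLE_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)

if __name__ == "__main__":
    record = identify(SAMPLE_GIF, "speechmemified_sdsqqdssqdsq.png.gif")
    for key, value in record.items():
        print(f"{key}: {value}")
```

To check the real sample, read its bytes and pass the MD5/SHA1/SHA256/SHA512 from the General section as `expected`; an empty `digest_mismatches` list confirms you are looking at the same file the sandbox ran, and `inner_mismatch` tells you whether the inner extension lies about the content.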
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
    description         ioc                                                                     process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Modifies Internet Explorer settings (29 IoCs)
  Processes: iexplore.exe
  Every key below is under \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer and every operation is by iexplore.exe; rows give the operation and the path relative to that key, in the order reported. ("Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" is the literal key name.)
    Set value (int)   Main\OperationalData = "9"
    Key created       GPU
    Set value (int)   GPU\DeviceId = "140"
    Set value (int)   BrowserEmulation\IECompatVersionHigh = "268435456"
    Key created       Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
    Set value (int)   BrowserEmulation\IECompatVersionHigh = "0"
    Set value (int)   BrowserEmulation\StaleCompatCache = "1"
    Key created       Main
    Key created       TabbedBrowsing
    Set value (int)   Main\CompatibilityFlags = "0"
    Set value (int)   Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"
    Set value (int)   TabbedBrowsing\NTPMigrationVer = "1"
    Set value (int)   BrowserEmulation\CVListXMLVersionLow = "395196024"
    Set value (int)   GPU\SoftwareFallback = "0"
    Set value (int)   GPU\SubSysId = "0"
    Set value (int)   GPU\Revision = "0"
    Set value (int)   Main\OperationalData = "13"
    Set value (int)   BrowserEmulation\CVListXMLVersionHigh = "268435456"
    Set value (int)   GPU\VendorId = "4318"
    Set value (int)   BrowserEmulation\IECompatVersionLow = "395196024"
    Set value (int)   Main\DisableFirstRunCustomize = "1"
    Set value (int)   Main\OperationalData = "8"
    Key created       BrowserEmulation
    Set value (int)   BrowserEmulation\CVListDomainAttributeSet = "0"
    Key created       VersionManager
    Set value (int)   BrowserEmulation\IECompatVersionLow = "0"
    Set value (int)   VersionManager\FirstCheckForUpdateLowDateTime = "1321860541"
    Set value (int)   VersionManager\FirstCheckForUpdateHighDateTime = "31142900"
    Set value (int)   BrowserEmulation\StaleCompatCache = "0"
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes (pid, process, occurrences): 656 msedge.exe (2); 4924 msedge.exe (2); 4524 msedge.exe (2); 1912 identity_helper.exe (2); 2344 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
  Processes: 4924 msedge.exe (25 occurrences)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: 4924 msedge.exe (25 occurrences)
- Suspicious use of SendNotifyMessage (12 IoCs)
  Processes: 4924 msedge.exe (12 occurrences)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe. Every row has the form "PID 4924 wrote to memory of <target>" with pid 4924, process msedge.exe and target process msedge.exe. Targets, in the order reported and with many repeated writes to each: 4376, then 1184, then 656, then 5064 (64 writes in total). All four targets are children of 4924 in the Processes tree.
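Sixty-four WriteProcessMemory IoCs look alarming on their own, but every row above is the Edge browser process (4924) writing into msedge.exe processes it spawned itself, which is how Chromium-based browsers hand sandbox and IPC bootstrap data to their children. The check worth automating on any such report is to parse the rows and separate same-image parent-to-child writes from writes that cross into a different image or into a process the writer did not spawn. The block below is an added example, not Triage's code; it embeds a subset of the rows above (the page has 64) plus one constructed row, marked as such, so that a flagged write is visible, and the parent-to-children map is taken from the Processes tree below.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Row format used by the signature table above:
# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
ROW = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


@dataclass(frozen=True)
class Write:
    src_pid: int
    dst_pid: int
    src_img: str
    dst_img: str


def parse_writes(text: str) -> list[Write]:
    """Extract every WriteProcessMemory row from a flattened signature table."""
    return [
        Write(int(m["src"]), int(m["dst"]), m["src_img"].lower(), m["dst_img"].lower())
        for m in ROW.finditer(text)
    ]


def summarize(writes: list[Write]) -> Counter:
    """Count writes per (source image, source pid, target image, target pid)."""
    return Counter((w.src_img, w.src_pid, w.dst_img, w.dst_pid) for w in writes)


def cross_image_writes(writes: list[Write], parent_children: dict[int, set[int]]) -> list[Write]:
    """Writes worth a second look: a different image, or a target the writer did not spawn."""
    return [
        w for w in writes
        if w.src_img != w.dst_img or w.dst_pid not in parent_children.get(w.src_pid, set())
    ]


def triage(text: str, tree: dict[int, set[int]]) -> dict:
    """Run the whole pipeline and return totals, per-pair counts and flagged writes."""
    writes = parse_writes(text)
    return {
        "total": len(writes),
        "by_pair": summarize(writes),
        "flagged": cross_image_writes(writes, tree),
    }


# A subset of the rows from the report above (the full table has 64).
REPORT_ROWS = " ".join([
    "PID 4924 wrote to memory of 4376 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 4376 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 1184 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 1184 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 1184 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 656 4924 msedge.exe msedge.exe",
    "PID 4924 wrote to memory of 5064 4924 msedge.exe msedge.exe",
])

# Constructed row, NOT from the report: a write into an unrelated image.
CONSTRUCTED_ROW = "PID 9001 wrote to memory of 9002 9001 loader.exe explorer.exe"

# Parent -> children as shown in the Processes tree (4924 spawned all of these).
EDGE_TREE = {4924: {4376, 1184, 656, 5064, 1044, 3656, 1720, 2964, 1452, 4904, 4524}}

if __name__ == "__main__":
    result = triage(REPORT_ROWS + " " + CONSTRUCTED_ROW, EDGE_TREE)
    print("total writes:", result["total"])
    for (src_img, src, dst_img, dst), n in result["by_pair"].items():
        print(f"  {src_img}({src}) -> {dst_img}({dst}): {n}")
    for w in result["flagged"]:
        print("FLAG:", w)
```

The parent-to-children map matters as much as the image comparison: a same-image write into a process the writer did not create (for instance an existing msedge.exe belonging to another session) is still flagged, which is the case a plain image-name filter would miss.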
Processes
- PID 456  C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\speechmemified_sdsqqdssqdsq.png.gif
  signatures: Modifies Internet Explorer settings
- PID 4924  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of 4924, in the order reported. All are C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe unless noted. The renderer children share one command line and differ only in --renderer-client-id, --mojo-platform-channel-handle and whether --instant-process is present:
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
  - PID 4376  crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff93cac3cb8,0x7ff93cac3cc8,0x7ff93cac3cd8
  - PID 1184  gpu-process (first launch)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  - PID 656  utility: network.mojom.NetworkService (service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5064  utility: storage.mojom.StorageService (service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - PID 1044  renderer, client-id 6, channel handle 3244
  - PID 3656  renderer, client-id 5, channel handle 3264, --instant-process
  - PID 1720  renderer, client-id 7, channel handle 4020
  - PID 2964  renderer, client-id 8, channel handle 4844, --instant-process
  - PID 1452  renderer, client-id 9, channel handle 3384
  - PID 4904  renderer, client-id 10, channel handle 5168
  - PID 4524  utility: chrome.mojom.UtilWin (service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - PID 564  renderer, client-id 12, channel handle 5124
  - PID 540  renderer, client-id 13, channel handle 5100
  - PID 1148  renderer, client-id 14, channel handle 3384
  - PID 3368  renderer, client-id 15, channel handle 4688
  - PID 228  renderer, client-id 16, channel handle 3536, --instant-process
  - PID 1912  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe, utility: winrt_app_id.mojom.WinrtAppIdService (service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3160  renderer, client-id 18, channel handle 5068
  - PID 2852  renderer, client-id 19, channel handle 5144, --instant-process
  - PID 2672  renderer, client-id 20, channel handle 5476
  - PID 1580  renderer, client-id 21, channel handle 5488
  - PID 2744  renderer, client-id 22, channel handle 5880
  - PID 3840  renderer, client-id 23, channel handle 5012
  - PID 732  renderer, client-id 24, channel handle 5648
  - PID 1064  renderer, client-id 25, channel handle 6632
  - PID 988  renderer, client-id 26, channel handle 5400, --instant-process
  - PID 2268  renderer, client-id 27, channel handle 5384
  - PID 1956  renderer, client-id 28, channel handle 6860, --instant-process
  - PID 700  renderer, client-id 29, channel handle 7056
  - PID 3136  renderer, client-id 30, channel handle 6168, --instant-process
  - PID 4352  renderer, client-id 31, channel handle 6260
  - PID 2936  utility: edge_collections.mojom.CollectionsDataManager (service-sandbox-type=collections)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6224 /prefetch:8
  - PID 2344  gpu-process (second launch, --disable-gpu-sandbox --use-gl=disabled, GPU ids matching the VendorId/DeviceId written to the IE GPU key above)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13932445749635417232,13713172419216733607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3292 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- PID 1820  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1672  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
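Nearly every line in the tree is a Chromium child of 4924, and the security-relevant differences between them sit in a few switches: --type, --utility-sub-type, --service-sandbox-type, and the second gpu-process relaunched with --disable-gpu-sandbox and --use-gl=disabled. Rather than read thirty command lines, an analyst can parse them and diff the sandbox-related switches against a known-good run of the same browser build. The block below is an added example, not Triage's code and not an Edge or Chromium tool; it embeds four command lines from the tree (the GPU one shortened only by dropping its --gpu-preferences blob) and flags switches that disable a sandbox. The set of switches treated as "relaxing" is this example's own judgement: the network service, UtilWin and the WinRT app-id helper all run with --service-sandbox-type=none here, and an unsandboxed GPU process in a VM without GPU acceleration is common, so the parser reports these for comparison against a baseline rather than scoring them.

```python
from __future__ import annotations

import shlex
from dataclasses import dataclass, field

# Switches that switch a child's sandbox off. The names are real Chromium switches;
# which ones count as "relaxing" is this example's choice. --no-v8-untrusted-code-mitigations
# is deliberately NOT listed: renderers get it whenever site isolation is on.
SANDBOX_RELAXING = {"--no-sandbox", "--disable-gpu-sandbox", "--allow-no-sandbox-job"}


@dataclass
class ChromiumProc:
    image: str
    type: str
    sub_type: str | None
    sandbox: str | None
    flags: dict = field(default_factory=dict)
    relaxed: list = field(default_factory=list)


def parse_cmdline(cmdline: str) -> ChromiumProc:
    """Split a Windows command line and pull out the switches that matter for sandboxing."""
    argv = shlex.split(cmdline, posix=False)      # keep backslashes literal, quotes intact
    image = argv[0].strip('"')
    flags: dict = {}
    for arg in argv[1:]:
        if not arg.startswith("--"):              # e.g. /prefetch:N
            continue
        key, _, value = arg.strip('"').partition("=")
        flags[key] = value if value else True
    sandbox = flags.get("--service-sandbox-type")
    ptype = flags.get("--type", "browser")       # the top-level browser process has no --type
    relaxed = sorted(k for k in flags if k in SANDBOX_RELAXING)
    if sandbox == "none":
        relaxed.append("--service-sandbox-type=none")
    return ChromiumProc(image, ptype, flags.get("--utility-sub-type"), sandbox, flags, relaxed)


def flag_relaxed(cmdlines: list[str]) -> list[ChromiumProc]:
    """Parse every command line and keep only the processes running with a sandbox switched off."""
    return [p for p in map(parse_cmdline, cmdlines) if p.relaxed]


# Four command lines taken from the Processes tree above.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
FTH = "--field-trial-handle=1908,13932445749635417232,13713172419216733607,131072"
TREE_CMDLINES = [
    f"{EDGE} --profile-directory=Default",
    f"{EDGE} --type=utility --utility-sub-type=network.mojom.NetworkService {FTH} --lang=en-US "
    "--service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3",
    f"{EDGE} --type=renderer {FTH} --lang=en-US --disable-client-side-phishing-detection "
    "--device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation "
    "--renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1",
    # The --gpu-preferences=<blob> switch is dropped from this one for brevity; nothing else changed.
    f"{EDGE} --type=gpu-process {FTH} --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 "
    "--gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 "
    "--mojo-platform-channel-handle=3292 /prefetch:2",
]

if __name__ == "__main__":
    for proc in map(parse_cmdline, TREE_CMDLINES):
        print(f"{proc.type:<12} {proc.sub_type or '-':<40} sandbox={proc.sandbox} relaxed={proc.relaxed}")
```

Run the same parser over a clean-VM launch of the same Edge build and compare the two `flag_relaxed` lists; a process type that appears only in the suspect run, or a renderer that ever shows up unsandboxed, is the thing worth escalating, not the count of msedge.exe children.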
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4c1a24fa898d2a98b540b20272c8e47b
  SHA1: 3218bff9ce95b52842fa1b8bd00be073177141ef
  SHA256: bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95
  SHA512: e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e
- Filesize: 152B
  MD5: f1d2c7fd2ca29bb77a5da2d1847fbb92
  SHA1: 840de2cf36c22ba10ac96f90890b6a12a56526c6
  SHA256: 58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5
  SHA512: ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14
- Filesize: 62KB
  MD5: c3c0eb5e044497577bec91b5970f6d30
  SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
  SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
  SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
- Filesize: 67KB
  MD5: fb2f02c107cee2b4f2286d528d23b94e
  SHA1: d76d6b684b7cfbe340e61734a7c197cc672b1af3
  SHA256: 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
  SHA512: be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82
- Filesize: 19KB
  MD5: 76a3f1e9a452564e0f8dce6c0ee111e8
  SHA1: 11c3d925cbc1a52d53584fd8606f8f713aa59114
  SHA256: 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
  SHA512: a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
- Filesize: 63KB
  MD5: 710d7637cc7e21b62fd3efe6aba1fd27
  SHA1: 8645d6b137064c7b38e10c736724e17787db6cf3
  SHA256: c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
  SHA512: 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: b846e376aab250760ceaef1c5fa88d57
  SHA1: 59430d688b24ede72f7d3fd95f3ca0ea775fac90
  SHA256: c464270952e014934b1c39a94a0c763649e961cdd31086bf8e650e6bc339cb54
  SHA512: 0b49093d6f00d6edf6afd2a76aa9f19c4491bd2bddf76e2ac3cb07aa41a2ffb2f8b50524984f05fbfa5bf0666ca9ea98143eda6ca095a014524703bd8b891999
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 40879029e5dd5eb90a813d64a6009d2e
  SHA1: 859af90132203d616366cd1875ab644941733129
  SHA256: 3fee237d9a50196fd11cbbb9983a01ed50c66f8ea8dea50038de8cb107ef71f6
  SHA512: 4961ea081602894af6c8229285c77196087d830745fa3309a7ac167e524e4460d4d05add38844cbfd3fc06cd7267b27fb6e1ebda04791823e596a5923a34d9d0
- Filesize: 3KB
  MD5: c9f45d987a80133806ed2f2b91d480ad
  SHA1: a28e5d53dd39523e6aa207cd8271e38051a69fbf
  SHA256: 5f340bf598f421c71985f859c13e62144f10db83543590a0a8c5f5e217578300
  SHA512: 4cee034a707621b5d16a1e1116829ca3cd8c2b9ab4bbeba5adc93927d61f9880201bbec873c56682dbaf586ef24c236bacc42f22885c52627003d18592ebb815
- Filesize: 7KB
  MD5: 76f184c666e699947a1ae0d5a83bcab4
  SHA1: 4be1027b0928d46389e082e42094466eba4e1a61
  SHA256: a7c469d9459a3143fc866e81ef82161d0fc78d1725c49d27916c95aa5571826b
  SHA512: 353f66636e23730d2fb369873ceb838b9faeaedf4cba6f044a3981518a508b378ceccc56690ba85e5103b8179fffc053e9e69904edbf2459b97d194f2c7a0c41
- Filesize: 8KB
  MD5: de246c79125fbd171427c54fe4ad26fe
  SHA1: cde8406161969e2c1f6f6f36d5041ef4059ece29
  SHA256: 577b7b9050d7c129069d46208f7d803c661b34f6ffbd3a888e74716290d68f21
  SHA512: f1b2b73ae512c5a54952eb87804d5257722e2562e2c54d417aecb8e5e545847e14eed400ecad62dfeac602e4a4c02367c2b8f35d06fe5099e3ee2d3c5c7019f1
- Filesize: 8KB
  MD5: 8df536c127cb3c09153c75f20ab724a6
  SHA1: eca670488b4ef60d117d460962de1ce2188d53d6
  SHA256: d6eb3d3ab26553ba77519589235c84c2cf7abfb6c7ed6b96ae0e6c8c0e40e576
  SHA512: ff9de75de4e5a1a05b7e63b2f004ee79d58ded0f09db208d6175af917595fcb84e2621e2126bb5697c8d3ac3659b00be6daead6a1743419b63903569fd9cef78
- Filesize: 5KB
  MD5: 04be4c44232342892d4ab7a55971009a
  SHA1: b70b00085038c87a7e877b06993b4e0826abcac2
  SHA256: 4b29f51c01ba766432fea954472756f87f02cdf000ad45be64739ae209483252
  SHA512: c34e100493ecfe3308f1b2e43a8befecb4be83807e300cb7cf3473c0a1088cb5358e00ec6dc52d8e73592ef374ddbbb2aca3a367001382ca85eb0575de15ac5b
- Filesize: 6KB
  MD5: 20a8d54396693a35009cdab98a9cf223
  SHA1: a079a826c88e2ec718e5c4d9bab9a27248d24e82
  SHA256: 63ab5cee96c6dd55edee465dcd9d5a9559f0342920d87627b279f50ffd6c308d
  SHA512: ad066fe676091e85d29f0ab016de97a9bface77b22ad5b65ddba33e6be473a9c242160135963713efda4abc5bf64ef432be8a7c9b8f0015970e35cedf1369395
- Filesize: 6KB
  MD5: f613eaaddb6778f71abeadbd0a5f68b4
  SHA1: 496b9f92487d3e371c528ad1ef56c42dd8666b7e
  SHA256: 6a25cc1f793c0c1604a45477e6cc29441bc919700028f46ba5d37958f0715df3
  SHA512: e8b2e5dc0453042bbb18bf6c294ce7c0a656c25c85fb01b858c63e91c41895a42c2876516d4d710a708165cced40ddc942dda855e6214fd64a7a02c627ee442b
- Filesize: 1KB
  MD5: fd56e18029e1716e0f4ca971dbfe7560
  SHA1: a5c1c5101913b56b2fa8ccd30e129087ff28b4cd
  SHA256: acd7c9d18b43ca01cdeac36e298824d1fce96fccb26237c33ef72ede8d7792d3
  SHA512: eb3d9554efe81c20e5bdfcccb13287d36055103c8366c8241a1425255dc0cf791607deff27f9f9eac590529ae21cfdc76cb079cbfe44ac6ea315d5abc7a5deeb
- Filesize: 2KB
  MD5: 7b048c5ed2cf4d6ae0698b5c875cfd39
  SHA1: a1eaf833b8681908612ac8c0f962a2bac8a8cb6c
  SHA256: f388b53cdff8bc61996dc0406cbbdb8d5ad559dbf4182a7538ceb21d24be926e
  SHA512: db6bddb321de7fb3d9098e2a415688e30b1ae6d89453451b03986fffe407f0b649f2b64e278f3758f42decc11a5408243d06e8de704f8841a1992c159f16829c
- Filesize: 1KB
  MD5: a4f201e59d430944ffa50be30cb62bdb
  SHA1: acfba6f050ef9f5f582003572cc232cc540bd55c
  SHA256: a932ead5d750933b9019bd43ba07dddabc7970aef839e20c965159995fe22eb4
  SHA512: 17f1f847b13a0d5b46b0ddcbf57fa3d3ca3d1bd59a9dca9ae209992283d92387fdb3da77efdc708bc3c29d9b18a77a22cf7eaf1670de155e48468926cf1f427a
-
Filesize
1KB
MD59e67542d65abce0699ae6d390e7192f7
SHA1f11585c6ff80a62e0e3ddde3ce47a8ee63093e29
SHA256342f56923e19a05bfd78f9399aea350887cdfd4f9b2908814daa3f17d317e9c7
SHA512db77d0d4bafc0dbbf0ac09f081beba82132d4272471322302762df57cf0bac34ea252888b4ce766c273f65cfff7ecb9020f632bd957e206b6455d0d3fe0820ec
-
Filesize
1KB
MD5683caeb6546169d96d9c686387b7cb5e
SHA16cdf728f06e9d5fda45ca4c8ef3d789c73a2cc62
SHA2567c07e0892673bad08c2eb77edca4f1428b3f239487e6a6d8b93885d456975d3f
SHA5121f561b89653da3ecaf687e66bb72b2ae206448b8f7e9d5aeccebb3067d89472f01795f7750e4e66805cb1627805dde023ded3e5f3ecea040222ea76c1025d4de
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5f27e3d554cd0b49b2f21a6f43dd456d6
SHA189c6f5dc0b7f04092104adc9de0aedaf10aa0fc0
SHA256a869e9fe2d8ca5eee62386904d05ac4ade3844a3e8c0493f278f57b109df46f5
SHA5121b67fdf5517ca5bc93e3bff7988e87f3126848af9d4599a005987caab2954d917788c59c39e449d5f95f68e1d61969893156bbfea9498c0eee47ff720753639b
-
Filesize
10KB
MD5f55fcf870c1f48e2064b5977f533d875
SHA128e8517e53fce706188fb49056d1b2f26a181ae1
SHA256c5eee8044697d56631119aea5382c64d0f5bdea2114ce3e7ee8dcfe34fe58bcb
SHA512177064f90a4f3057e6c02723f80ab7603996f337d13e899bf36eff8a7bbe1fd4e424da634a4cd573b4abdad589a99cfb71538011431dfcec7db404e751738a53
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e