Analysis
max time kernel: 297s
max time network: 300s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-11-2024 16:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1306307977728364556/1306343950625538078/SteamtoolsSetup.exe?ex=6736fbdc&is=6735aa5c&hm=e60e10920a20308b8e5c8be3d76a52325ba48959c97e37435ad40e67c9c66dd2&
Resource: win10v2004-20241007-en
General
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Suspicious behavior: EnumeratesProcesses 14 IoCs
- PID 1260 msedge.exe
- PID 1260 msedge.exe
- PID 2500 msedge.exe
- PID 2500 msedge.exe
- PID 3596 identity_helper.exe
- PID 3596 identity_helper.exe
- PID 3944 msedge.exe
- PID 3944 msedge.exe
- PID 5716 msedge.exe
- PID 5716 msedge.exe
- PID 6032 msedge.exe
- PID 6032 msedge.exe
- PID 6032 msedge.exe
- PID 6032 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 32 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1306307977728364556/1306343950625538078/SteamtoolsSetup.exe?ex=6736fbdc&is=6735aa5c&hm=e60e10920a20308b8e5c8be3d76a52325ba48959c97e37435ad40e67c9c66dd2&
PID: 2500
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffeff8b46f8,0x7ffeff8b4708,0x7ffeff8b4718
  PID: 4848

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  PID: 2900

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  PID: 1260
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  PID: 1624

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID: 208

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  PID: 4644

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  PID: 1772

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  PID: 3596
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
  PID: 832

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  PID: 3364

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  PID: 2268

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  PID: 1020

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  PID: 3228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  PID: 4824

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  PID: 4228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  PID: 1600

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  PID: 928

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  PID: 3948

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  PID: 4936

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  PID: 4228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  PID: 3396

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  PID: 5592

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  PID: 5856

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  PID: 4228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5480 /prefetch:8
  PID: 1784

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  PID: 1092

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  PID: 6072

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  PID: 5144

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  PID: 4892

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  PID: 3196

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  PID: 4980

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  PID: 5496

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6292 /prefetch:8
  PID: 5472

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  PID: 3944
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  PID: 5716
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
  PID: 6032
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3200

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x33c
PID: 5336

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
PID: 1416

  C:\Windows\system32\mountvol.exe
  mountvol.exe c: /D
  PID: 5724
-
Network
MITRE ATT&CK Enterprise v15
Downloads