Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://file.io/F9pP...

windows10-2004-x64

3

Analysis

  • max time kernel
    240s
  • max time network
    243s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://file.io/F9pPAIftN5Os

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://file.io/F9pPAIftN5Os
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
      2⤵
        PID:768
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:1052
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1260
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
          2⤵
            PID:3872
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:2012
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:1688
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                2⤵
                  PID:2896
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:376
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                  2⤵
                    PID:3228
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                    2⤵
                      PID:1032
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                      2⤵
                        PID:3412
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
                        2⤵
                          PID:2116
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                          2⤵
                            PID:4292
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                            2⤵
                              PID:4960
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                              2⤵
                                PID:2136
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                                2⤵
                                  PID:3448
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                                  2⤵
                                    PID:4884
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
                                    2⤵
                                      PID:4972
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                      2⤵
                                        PID:5356
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
                                        2⤵
                                          PID:5364
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
                                          2⤵
                                            PID:5372
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
                                            2⤵
                                              PID:5384
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
                                              2⤵
                                                PID:5392
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
                                                2⤵
                                                  PID:5400
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
                                                  2⤵
                                                    PID:5408
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                    2⤵
                                                      PID:5416
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
                                                      2⤵
                                                        PID:5424
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
                                                        2⤵
                                                          PID:5432
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
                                                          2⤵
                                                            PID:5996
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
                                                            2⤵
                                                              PID:6056
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
                                                              2⤵
                                                                PID:6064
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1
                                                                2⤵
                                                                  PID:6072
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
                                                                  2⤵
                                                                    PID:6080
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
                                                                    2⤵
                                                                      PID:6088
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
                                                                      2⤵
                                                                        PID:6040
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                                                                        2⤵
                                                                          PID:6208
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8808 /prefetch:8
                                                                          2⤵
                                                                            PID:6616
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                                                                            2⤵
                                                                              PID:6624
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8792 /prefetch:8
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:6636
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
                                                                              2⤵
                                                                                PID:5488
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14156820431709337844,571262204273429506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7672 /prefetch:2
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:2616
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:2388
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:4088
                                                                                • C:\Windows\System32\rundll32.exe
                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                  1⤵
                                                                                    PID:6956
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault2b21aea1ha42bh490bha863h87b97093a5b1
                                                                                    1⤵
                                                                                      PID:6488
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
                                                                                        2⤵
                                                                                          PID:528
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1619728031100523861,13970506199930679558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
                                                                                          2⤵
                                                                                            PID:6468
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1619728031100523861,13970506199930679558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
                                                                                            2⤵
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:6480

                                                                                        Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          fab8d8d865e33fe195732aa7dcb91c30

                                                                                          SHA1

                                                                                          2637e832f38acc70af3e511f5eba80fbd7461f2c

                                                                                          SHA256

                                                                                          1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                                                                          SHA512

                                                                                          39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          36988ca14952e1848e81a959880ea217

                                                                                          SHA1

                                                                                          a0482ef725657760502c2d1a5abe0bb37aebaadb

                                                                                          SHA256

                                                                                          d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                                                                          SHA512

                                                                                          d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          c66341ffc01ac850700b903279e61ee4

                                                                                          SHA1

                                                                                          021be20cf850ef354f65c0d4d1414caeae750906

                                                                                          SHA256

                                                                                          dab5592386db8a2350968385a34d95608d71df4ce666761c21264eaa4fa2d6c2

                                                                                          SHA512

                                                                                          92fdd22cdbae33b0b1b9b5e8ac7dfa0f3aae2071794d28ec56ef5c8fdecb94eaf6e8ff89aa933ce71b0b18f798722621718035d053e049156a894875e1cedbda

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                          Filesize

                                                                                          13KB

                                                                                          MD5

                                                                                          91e157bc119829bf03d64a6c3114a437

                                                                                          SHA1

                                                                                          9097835abb5dde7e2e601d4ef09ca1b9b833d7f1

                                                                                          SHA256

                                                                                          9c12f9c261dc1f70bd73076f42fdc71a42681a74cab94493ed6627e4622e330d

                                                                                          SHA512

                                                                                          5b9d8f7e9cbe521358b740112a07f0731319fa457546dcceef9c0c935a1828bb215df8942796fd849dcc664148a988666f2cda963e3677d77e91acd794f0c81b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          9KB

                                                                                          MD5

                                                                                          218b874cf8fd474db7a7d9cc619356e7

                                                                                          SHA1

                                                                                          2b0a631a0e2b6ec36297fdcdcadf899ee22d9cd6

                                                                                          SHA256

                                                                                          f7469eb51bbc2d590f16b344961eedccf58af83bb0f770b7892c204f1a49dd51

                                                                                          SHA512

                                                                                          f76838cd34586083c44685da8d53efc3f4ed9ef3ee8ab241090d02c263820282a8dba626b829a0282c884cb4b25332a6651f957c45b9ac1c5985c243e45dc4f6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          16KB

                                                                                          MD5

                                                                                          aef89bbd80214b652d48fec6cfd6f218

                                                                                          SHA1

                                                                                          42ae34ba545cdffdc7095a17952414e295936c24

                                                                                          SHA256

                                                                                          326338765074ba29474929d380423b190efc25d1f2304855ae91cff01c286f21

                                                                                          SHA512

                                                                                          0c2dd8cff44f3e7f75d993de215533ff3c1e2b82d748d35db454801a9eb60888d2bd14c43169ac053212cb2ecb5b17a88f7a141c20a3a6387c1499b23cdd7eee

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          d291536f99977ae2888b45b165b9808a

                                                                                          SHA1

                                                                                          b93553cdd80ed2708958db4416319a041d59a0b8

                                                                                          SHA256

                                                                                          dcb1c0ab2834a1995711060111c67c7d5f419b72eb4db29f9cf25ecaf526f522

                                                                                          SHA512

                                                                                          73a0e6df2dcd10274bc491c91cbe21add311a2bad0967f97671c6ac3c0ed4e8605c32f0e883476b39602e51945088c9edb09d38f9d688e18352ff4edc2b7f274

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          3c6a52d4f32b95ffea8b1636b0a30f04

                                                                                          SHA1

                                                                                          2149cab4aa150b6eb3f64bc9eb7a19f903862ffd

                                                                                          SHA256

                                                                                          816a2481141464b1f943f3cb697c139576eb28b8ae319b73d7bdebd64eaf4656

                                                                                          SHA512

                                                                                          a9df6c0f5b1b09b1a33a45a5585e833314daf6d5d5818ccdf7b4fac82e863715e496d4fbc7ef62433255c09d5de8d23dc052208425894d5beee5b0d333b3bac3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          9554bc043c6d90584581c501e398cef3

                                                                                          SHA1

                                                                                          686e2e019235a416e2477e4e7a9f0a677d59ef35

                                                                                          SHA256

                                                                                          77528e717148dae2f4917488d669bfee8efc45196f2d39d89ce691cae75b89fd

                                                                                          SHA512

                                                                                          5647c6bb1166612e6feca94b3c6644639af7c804ec399c638787354903ae5727756b56a9d8d963ce1eff59f43797c36b7d64bd306e037e37adb6d1aabf03073c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ced9.TMP
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          a478e4b9931f5dbc52c3de33e230ff36

                                                                                          SHA1

                                                                                          191e054d9fb65872037fa71c59079be5c24b7a8a

                                                                                          SHA256

                                                                                          9a499c0684b1edde76510e4e3e36d9dfab54dfbf79403bc783ecdddfaf868299

                                                                                          SHA512

                                                                                          7c9a8311c4d313d3daedb63685f58a16dc4cc7dda84b47666a5121f1ac095f26011dc1c1e8403a5e2e315c5433e89e2b82d9d592ad469686448e912b1973e3d2

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                          SHA1

                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                          SHA256

                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                          SHA512

                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          2a218f662ff6d118664dd1342029907e

                                                                                          SHA1

                                                                                          62fd8812b84b0a677d97bc585a7c71bed5b9703c

                                                                                          SHA256

                                                                                          d820edfad86ee969be6c86e1fa5f064d0ecac4fbbba2aa7effce3cf68bd0fc2a

                                                                                          SHA512

                                                                                          0e0672777379ebd789ed609788981c6644c829433f8446300761547480aa2246c27c1c45435bfad9a9cb4315ea196eb2b4ff6cca9db711cc7e196be770050f00

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          744e22b91e6cbe51d96a732d3ec1dff0

                                                                                          SHA1

                                                                                          aadfa2a0d15165d8eabc55a7a9213eb5683ea70d

                                                                                          SHA256

                                                                                          b5a8bf171a0c3897971826723cae8a15ebf8ef3eeeb241123ba1edfc5cfbbe21

                                                                                          SHA512

                                                                                          c5a39cdb43dc1a70319b93ff03d28a4197446fab47119b7705500fd34606fe8bf2106874568dfe425f35633b75630965e2ddcacd17213d062d938d6e88ff4002

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          87b84650516ac0e7ed8554349c4fcd10

                                                                                          SHA1

                                                                                          767eef96ffa84eec1ab3439d1d5dad59f126814e

                                                                                          SHA256

                                                                                          c0ac82a936aa0391b822140ae0c5f695ec3ad9370499562eceee17aa99b4e446

                                                                                          SHA512

                                                                                          6f917bb0c23cb981993a79160237dd04a63b8ec85b90770f4d17b5863a03096b2a38cddb6a2d45593424fb00f7df49851fab45ea1b8390d9c2303df2e9ac0c21

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          234f5b20e1efe391f99df0931b8520ec

                                                                                          SHA1

                                                                                          f1dea48cf9a6211b9de76c7637eb3af6a15d8ee0

                                                                                          SHA256

                                                                                          985324ae7482cb72a59f2cbc57fc6b91d1241a44dc2c0445976ca9896bd041bf

                                                                                          SHA512

                                                                                          9fce3afa63e676cde88ce349a703e152eb41857671c31c9f410a60c0cdbd5333ab85c06e70415bb19c2e16ba159bb7e9caf4af65b4209ab4640c7a7ec2e7cba0

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\dawdwad.zip
                                                                                          Filesize

                                                                                          765KB

                                                                                          MD5

                                                                                          3c9a7173924cb6921d38ed2e03277af4

                                                                                          SHA1

                                                                                          3ed25a81e3cdd8d17982290d8485e594652e92ec

                                                                                          SHA256

                                                                                          8a85f3448eeadb2eb7856b0fd2b29e008f7a55ca7cf51c5facc1feccd7d0f13e

                                                                                          SHA512

                                                                                          2d8828e493299fdcbbdb126398a82ede05f34238f9ea90374f63d9df1ced2a3a220cfcf8e423e687deebc48d5427d82bb6d9aabd8297f65644757e72b5766e6f

                                                                                          Download Submit