Analysis

max time kernel: 328s
max time network: 329s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-12-2024 04:32
Static task: static1
URLScan task: urlscan1

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (24 IoCs)

pid    Process
904    msedge.exe
904    msedge.exe
848    msedge.exe
848    msedge.exe
1696   identity_helper.exe
1696   identity_helper.exe
2744   msedge.exe
2744   msedge.exe
1632   msedge.exe
1632   msedge.exe
2224   msedge.exe
2224   msedge.exe
2224   msedge.exe
2224   msedge.exe
2128   msedge.exe
2128   msedge.exe
3580   msedge.exe
3580   msedge.exe
208    msedge.exe
208    msedge.exe
1720   msedge.exe
1720   msedge.exe
4968   msedge.exe
4968   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

msedge.exe (PID 848)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamconnmuntiy.com/gift/id=8237689101
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 2100)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718

  msedge.exe (PID 3804)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

  msedge.exe (PID 904)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1496)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

  msedge.exe (PID 1528)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

  msedge.exe (PID 1848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  identity_helper.exe (PID 4280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8

  identity_helper.exe (PID 1696)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

  msedge.exe (PID 3580)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

  msedge.exe (PID 4392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1

  msedge.exe (PID 2920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  msedge.exe (PID 2648)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5420 /prefetch:8

  msedge.exe (PID 4048)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

  msedge.exe (PID 2744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1632)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

  msedge.exe (PID 2224)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2032)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

  msedge.exe (PID 2128)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

  msedge.exe (PID 3580)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3984)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

  msedge.exe (PID 2892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

  msedge.exe (PID 208)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  msedge.exe (PID 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

  msedge.exe (PID 4968)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4432)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

CompPkgSrv.exe (PID 5072)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1308)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads