b6ae167bc7a98a16120698f2f11452449118662dd3f1cc88e6ef7286465b45ca

Analysis

max time kernel
240s
max time network
246s
platform
windows11-21h2_x64
resource
win11-20250210-en
resource tags

arch:x64arch:x86image:win11-20250210-enlocale:en-usos:windows11-21h2-x64system
submitted
17/02/2025, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Videos/READ_NOTE.html
Size

3KB
MD5

d2294fc6905efe047a0663b7ffcf79d4
SHA1

9bf17f976f73ec0ce4f05dbfdb5d4ebc9fc1f2d0
SHA256

c459e80d8500c3db9810f63f835e5cc1e4f08cb2deda4832846edf1eac31e1dd
SHA512

983e14d90fe1f5c4993724e1d8ae57132ccda5efc62f0d14146e36c8982d0315753c6aa573f97c6f7d29136051e65eb85bbe9a02846b431a06b5e71ec1ac8a28

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2784	MicrosoftEdgeUpdate.exe
2100	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
4568	msedge.exe
4568	msedge.exe
3596	msedge.exe
3596	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 4492	4568	msedge.exe	83
PID 4568 wrote to memory of 4492	4568	msedge.exe	83
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 1956	4568	msedge.exe	84
PID 4568 wrote to memory of 3480	4568	msedge.exe	85
PID 4568 wrote to memory of 3480	4568	msedge.exe	85
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86
PID 4568 wrote to memory of 3424	4568	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Videos\READ_NOTE.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff71fa3cb8,0x7fff71fa3cc8,0x7fff71fa3cd8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15223902088997355750,7404538154390142604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5288 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEY0NTVEMzEtOUVDRC00NzAxLTgwM0ItQ0ZBOTBFNzdDMzVEfSIgdXNlcmlkPSJ7OEI4OTU1REItMUYzRS00MEMyLThEMUItRENFNDBFNDZBRjQwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MkNFMDRBRkUtQTMzMy00QUM1LUFBNEQtMjlCRDEzNkEyMTg0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIGluc3RhbGxkYXRldGltZT0iMTczOTE4NDcxMiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNjU1NjY2MDQzMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxODE2MjYyODIiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2784

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEY0NTVEMzEtOUVDRC00NzAxLTgwM0ItQ0ZBOTBFNzdDMzVEfSIgdXNlcmlkPSJ7OEI4OTU1REItMUYzRS00MEMyLThEMUItRENFNDBFNDZBRjQwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins5QjQ5QzAyMS04RTE2LTQ1ODQtODdCQy03NENGOENFMjFGMkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtFK3hiQXo2WTZzVTEyODliUzZxbDRWUkxia2pmQlVHVE1Kc2pySHI0NGlJPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNyIgY29ob3J0PSJycmZAMC42MiI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins2MzhDQzQ5Ni1DNDc0LTRGQjktOUI3NC05QTBGMTExNTlFOTJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjciIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4NDI2NTA0NjA4NzI5MjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSI3IiByPSI3IiBhZD0iNjYxNSIgcmQ9IjY2MTUiIHBpbmdfZnJlc2huZXNzPSJ7MTU3ODY4MTItOTU1Qi00NTcxLTkyM0YtOUNFNTUyRDAyRjY1fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins0MURBMTNGRS0wMzY0LTQyMzgtODQ1QS03NUEyQkRFMDlCOTl9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
331KB

MD5
1b98c1bbc91322be4d057783cedd3f2a

SHA1
41133e9f8c9fe2ff4109a8bab0865492e40cde47

SHA256
b3e3881cdb84df4b20eb979bae2618b8a737e69b107b14fd595952f65658eab1

SHA512
4051cbf616cf26bc5a21b2508b8f7cd79673a44d51c2aa9091906951e86cad3e76be2449b7ff47be78e54f4da4c5eb9c5f76e537198341db8518e94d4889e0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
870d929fe21bd15af5fe11695b57375e

SHA1
ca12f7b13f321389cb93608af1090f4a04c87c4d

SHA256
084ac26acceb534c3a03b27a4b6cbeed0061daf120a1ee6034dcd8adf17a25c7

SHA512
216ba421f0b39302ac367bf129f4ac739c1c16573790e952a520ac44ba18fbbc8368f9b9e50f4bb7242af8311d6ef315df2f4bc76d03a40875b76c114d0eb25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9af0a550199765b9d07fc346a534cb6

SHA1
d7e9398086687142157ac1b3e90b394ae05650fd

SHA256
12a18b7c47836fafdc6f6eaf17b294adda3278c0ffad645fa9255e31f755e095

SHA512
2dc7686d871496dc4cd386780c918b51c4339018b701dbb17fca298fca8d7d68993e0e43988c2413484a4ac9956acfabf4279895f473889a4f7d681d57df0540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87f6821ac8c38331d639099ba87c886c

SHA1
c6506206c96eba5f4f19a2df4039210cc0dba744

SHA256
cc6ac5609175163d3194430f9e3f851877d719c126e73e3b7fe4477a282dadf8

SHA512
2d14bb358de5d133cf4a2e08e940e5efc7157c9bf969662578e1e5ba0a57dd5584940f4336ad4f6e69427d408ae9e2305d36e8ef94ecf57e1113e7bbc344afa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48cca3b04e7a0662a43eb41362517afc

SHA1
f06df4a66fbc6bc7523582f9e63e0f91f6b40c41

SHA256
805c32c4cf884b4e5820b6f0d986ac32a5d95485f2668f53fd9668ab81822a6d

SHA512
3486a49e4c938d3b9435b49e7e840644aaf2560135f188a443a95a38bb28620c1a9defcfdcfb3a39ed598f93280904c75f2a12f89bf765acf9ceee035425a247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c0f47a50fa31b37d7df62f608ccb36ce

SHA1
0fa173f5d070c4394a07d03cd53b9b5c4e3493ab

SHA256
9ba4649f4f6a075d1ff1782eb7c3c646040cce937537058587137a79cf0b1d74

SHA512
84dcf850592f81b6285ab91c9010e4c7112e6fc53292ea9325383109995037c5ba2c7a52559e7cf3d03e0afc6ffa1fbfbc88495702720c03d1299938c4ad0020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
81d1ef37768089f1c8d0be1ed003a7cb

SHA1
f0177b9b09966d400516f716354a70e5c11af175

SHA256
8b372eec9910ed5c33394114ed9ca3cc74a4526b646b449846a936904a3cad81

SHA512
cad10159f70acf9be64cb5a48b2d8c6f243da0db979855ea6078f788ad0c3ebfc0833ad14f335592a310cbc9e67fb52ecfd77c405300efa580115aab61bc47e8

Download Submit