b6ae167bc7a98a16120698f2f11452449118662dd3f1cc88e6ef7286465b45ca

Analysis

max time kernel
280s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20250210-en
resource tags

arch:x64arch:x86image:win11-20250210-enlocale:en-usos:windows11-21h2-x64system
submitted
17/02/2025, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Videos/64/READ_NOTE.html
Size

3KB
MD5

d2294fc6905efe047a0663b7ffcf79d4
SHA1

9bf17f976f73ec0ce4f05dbfdb5d4ebc9fc1f2d0
SHA256

c459e80d8500c3db9810f63f835e5cc1e4f08cb2deda4832846edf1eac31e1dd
SHA512

983e14d90fe1f5c4993724e1d8ae57132ccda5efc62f0d14146e36c8982d0315753c6aa573f97c6f7d29136051e65eb85bbe9a02846b431a06b5e71ec1ac8a28

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2000	MicrosoftEdgeUpdate.exe
3724	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
4744	msedge.exe
4744	msedge.exe
3252	msedge.exe
3252	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 4752	4744	msedge.exe	84
PID 4744 wrote to memory of 4752	4744	msedge.exe	84
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 3916	4744	msedge.exe	86
PID 4744 wrote to memory of 2640	4744	msedge.exe	87
PID 4744 wrote to memory of 2640	4744	msedge.exe	87
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88
PID 4744 wrote to memory of 2104	4744	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Videos\64\READ_NOTE.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5ae53cb8,0x7ffb5ae53cc8,0x7ffb5ae53cd8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3748510005585580045,17937355246451459367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Y0RkJDMzgtOTkyMi00MThBLThDRDUtMkQ3QjNFMzNGQTIzfSIgdXNlcmlkPSJ7NkJDRERFQUQtMzI4QS00RkE4LThDOEQtMUVDNjcyNTYyOTA2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Q0I5QzBDMUYtMjY2NS00REY1LUJBNzYtRDRBQTg1OTYxRDlGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIGluc3RhbGxkYXRldGltZT0iMTczOTE4NDMzNiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNjU1NjQ3OTQxMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyNzkxMTkwNTMiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2000

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Y0RkJDMzgtOTkyMi00MThBLThDRDUtMkQ3QjNFMzNGQTIzfSIgdXNlcmlkPSJ7NkJDRERFQUQtMzI4QS00RkE4LThDOEQtMUVDNjcyNTYyOTA2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3NDFFM0UzRi00MTlDLTQzQ0MtOUU2QS00NURDNzkxQ0Q0QTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtFK3hiQXo2WTZzVTEyODliUzZxbDRWUkxia2pmQlVHVE1Kc2pySHI0NGlJPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNyIgY29ob3J0PSJycmZAMC4zNSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins5OUY5N0M5RS1FN0RCLTQzQ0QtOTUxNC0xNEVBQjNBMjhBOTh9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjciIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4NDI2NTA0ODgyMTQ4OTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSI3IiByPSI3IiBhZD0iNjYxNSIgcmQ9IjY2MTUiIHBpbmdfZnJlc2huZXNzPSJ7NDI2QjZFN0QtODMwOS00MTY4LTgwRTEtNzg5RDI1MjYzQjAzfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIGNvaG9ydD0icnJmQDAuNzkiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins5M0ZFNzhBQS1GMzlGLTRDNzAtQTJGNi04MEZDMkJDRThCMTh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
318KB

MD5
d27c249546c0c7e7a503ad978bedc22c

SHA1
abd31ec82581b1e253b12e4ed71412f23aa1efc0

SHA256
ef95d9e08f406e43772eb720f3579e0474b6bc145c9d03d30e31bffd2d2917a4

SHA512
7b5b528913fdd1f78c13ee05c18351593c5fa821ebc9c114f8ed57518b60804b2133116215308ee2ab729279a202a4dd793d163f72fb39b174072861948fb989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb7fc9b0c2b21e5706641c421c4f5f84

SHA1
b911ef5164b8d968972e026743652dbd37e9d111

SHA256
aff9a8e6cfc7e101c493a18f07a77645b292429ba65e28c964445b0020bc3c96

SHA512
81f3ae6deed2fb35b46eec2a1ffe2fb31a430e91cda046d57b51f6a5a8a3cf757665a7c30e9e341da307ecf2049e44b4b34b6979fa953216295c5043a4f428d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e6ccdd370d8b96a5ab810745b4732161

SHA1
a5ab499e95cd44dec08f95f9c1cb55ba8207cf76

SHA256
50f583c9aaca6e9d27312793e40a7a8592cd360d0673f0bad9dc96f3da4f0b2a

SHA512
fc2db021d290fa4e63566ac0e6f5f28e44dd8aedfc9b3e3009db898d072674fd5807e472934423c601b5e7da3972a1bd710845eb612eb2486915f1e2627900e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53386c5b5e739723cce382dcaed95a96

SHA1
33ee9130376b6c242fa0a7f38415f821325eae7d

SHA256
b2a51181d7d69e0ecca6ddb1be0ce465fd852a695ecd879b76ba8780778356a1

SHA512
e1e031047cc9075dbe307eae685ea8de5d950e3c570553b0cfe6e92a9efdc31db592ddbb4c7c4654bdb59038788b1b38d690cd6b966393cd8f9fa16ec9f4126b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8efcdf3e69f339400600a116f25a4ea8

SHA1
78afbc712445ed490773c8c326e950c377165b5e

SHA256
2a48a7b48b161a996e8ffeda4cad367ae8414f7af9f11f5217f01e3448f0cf07

SHA512
71ad969141a5a18901cc2d603e97fad7d4a4a94f16920ccd831498d0a99dc86f01be5dff48b371f6d852163684e2601c2a79615eb217890692ccd80f4ed82c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
f3511661c99e897fb045704bcd3c9f0c

SHA1
0d3604b41144ee830c4d4ac456464c07652879b0

SHA256
ad5fe7e3e00bd187df0376f7c20ebaee27b67ee03e44159372855ce615b55299

SHA512
df95a779a86a6a8e3e2e739bb0957d793edd6e03a63a6b71e299feaa23e4bdfa66226e3f154cf11b3e1629da92252cccd0f6fa107d649f7ac9656c3af2150024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
029ab58280e644a9b8b893c5b963ab94

SHA1
19c97955d5553db45d33ad67fe8b4a993dbd5cba

SHA256
b32563792bacd94e70d79faacff300b5de475d41f14de4beb031a232865249b6

SHA512
5db4cb435cdf3df46aa25cefe0a4be81281b9c92c5c2a5be67c4819b5fe03f228551d79e0a2a7b55511b1a832e7761aaa3d067f25a11be9f9082bbd4e4c0fe86

Download Submit